8000 Creator of a range type must have permission to call support functions. · postwait/postgres@a912a27 · GitHub
[go: up one dir, main page]
Skip to content
8000

Commit a912a27

Browse files
tglsfdctglsfdc
committed
Creator of a range type must have permission to call support functions.
Since range types can be created by non-superusers, we need to consider their permissions. Ideally we'd check this when the type is used, not when it's created, but that seems like much more trouble than it's worth. The existing restriction that the support functions be immutable already prevents most cases where an unauthorized call to a function might be thought a security issue, and the fact that the user has no access to the results of the system's calls to subtype_diff closes off the other plausible reason for concern. So this check is basically pro-forma, but let's make it anyway.
1 parent 74c1723 commit a912a27

File tree

1 file changed

+12
-0
lines changed

1 file changed

+12
-0
lines changed

src/backend/commands/typecmds.c

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1853,6 +1853,7 @@ findRangeCanonicalFunction(List *procname, Oid typeOid)
18531853
{
18541854
Oid argList[1];
18551855
Oid procOid;
1856+
AclResult aclresult;
18561857

18571858
/*
18581859
* Range canonical functions must take and return the range type, and must
@@ -1880,6 +1881,11 @@ findRangeCanonicalFunction(List *procname, Oid typeOid)
18801881
errmsg("range canonical function %s must be immutable",
18811882
func_signature_string(procname, 1, NIL, argList))));
18821883

1884+
/* Also, range type's creator must have permission to call function */
1885+
aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
1886+
if (aclresult != ACLCHECK_OK)
1887+
aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(procOid));
1888+
18831889
return procOid;
18841890
}
18851891

@@ -1888,6 +1894,7 @@ findRangeSubtypeDiffFunction(List *procname, Oid subtype)
18881894
{
18891895
Oid argList[2];
18901896
Oid procOid;
1897+
AclResult aclresult;
18911898

18921899
/*
18931900
* Range subtype diff functions must take two arguments of the subtype,
@@ -1916,6 +1923,11 @@ findRangeSubtypeDiffFunction(List *procname, Oid subtype)
19161923
errmsg("range subtype diff function %s must be immutable",
19171924
func_signature_string(procname, 2, NIL, argList))));
19181925

1926+
/* Also, range type's creator must have permission to call function */
1927+
aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE);
1928+
if (aclresult != ACLCHECK_OK)
1929+
aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(procOid));
1930+
19191931
return procOid;
19201932
}
19211933

0 commit comments

Comments
 (0)
2A72
0