Skip to content
Snippets Groups Projects
Select Git revision
  • benchmark-tools
  • postgres-lambda
  • master default
  • REL9_4_25
  • REL9_5_20
  • REL9_6_16
  • REL_10_11
  • REL_11_6
  • REL_12_1
  • REL_12_0
  • REL_12_RC1
  • REL_12_BETA4
  • REL9_4_24
  • REL9_5_19
  • REL9_6_15
  • REL_10_10
  • REL_11_5
  • REL_12_BETA3
  • REL9_4_23
  • REL9_5_18
  • REL9_6_14
  • REL_10_9
  • REL_11_4
23 results

miscadmin.h

Blame
    • Tom Lane's avatar
      ce9ab889
      Make REPLICATION privilege checks test current user not authenticated user. · ce9ab889
      Tom Lane authored
      The pg_start_backup() and pg_stop_backup() functions checked the privileges
      of the initially-authenticated user rather than the current user, which is
      wrong.  For example, a user-defined index function could successfully call
      these functions when executed by ANALYZE within autovacuum.  This could
      allow an attacker with valid but low-privilege database access to interfere
      with creation of routine backups.  Reported and fixed by Noah Misch.
      
      Security: CVE-2013-1901
      ce9ab889
      History
      Make REPLICATION privilege checks test current user not authenticated user.
      Tom Lane authored
      The pg_start_backup() and pg_stop_backup() functions checked the privileges
      of the initially-authenticated user rather than the current user, which is
      wrong.  For example, a user-defined index function could successfully call
      these functions when executed by ANALYZE within autovacuum.  This could
      allow an attacker with valid but low-privilege database access to interfere
      with creation of routine backups.  Reported and fixed by Noah Misch.
      
      Security: CVE-2013-1901