Skip to content

Commit 4cd4a54

Browse files
tglsfdctglsfdc
committed
Add configurable option controlling security checks in LO functions.
1 parent 1c3c080 commit 4cd4a54

File tree

2 files changed

+16
-2
lines changed

2 files changed

+16
-2
lines changed

src/backend/libpq/be-fsstubs.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $Header: /cvsroot/pgsql/src/backend/libpq/be-fsstubs.c,v 1.34 1999/05/31 22:53:57 tgl Exp $
10+
* $Header: /cvsroot/pgsql/src/backend/libpq/be-fsstubs.c,v 1.35 1999/06/04 21:13:38 tgl Exp $
1111
*
1212
* NOTES
1313
* This should be moved to a more appropriate place. It is here
@@ -334,10 +334,12 @@ lo_import(text *filename)
334334
LargeObjectDesc *lobj;
335335
Oid lobjOid;
336336

337+
#ifndef ALLOW_DANGEROUS_LO_FUNCTIONS
337338
if (!superuser())
338339
elog(ERROR, "You must have Postgres superuser privilege to use "
339340
"server-side lo_import().\n\tAnyone can use the "
340341
"client-side lo_import() provided by libpq.");
342+
#endif
341343

342344
/*
343345
* open the file to be read in
@@ -405,10 +407,12 @@ lo_export(Oid lobjId, text *filename)
405407
LargeObjectDesc *lobj;
406408
mode_t oumask;
407409

410+
#ifndef ALLOW_DANGEROUS_LO_FUNCTIONS
408411
if (!superuser())
409412
elog(ERROR, "You must have Postgres superuser privilege to use "
410413
"server-side lo_export().\n\tAnyone can use the "
411414
"client-side lo_export() provided by libpq.");
415+
#endif
412416

413417
/*
414418
* open the inversion "object"

src/include/config.h.in

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -342,7 +342,7 @@ extern void srandom(unsigned int seed);
342342
#undef USE_POSIX_SIGNALS
343343

344344
/*
345-
* Code below this point should not require changes
345+
* Pull in OS-specific declarations (using link created by configure)
346346
*/
347347

348348
#include "os.h"
@@ -494,6 +494,16 @@ extern void srandom(unsigned int seed);
494494
*/
495495
/* #define PSQL_ALWAYS_GET_PASSWORDS */
496496

497+
/*
498+
* Define this if you want to allow the lo_import and lo_export SQL functions
499+
* to be executed by ordinary users. By default these functions are only
500+
* available to the Postgres superuser. CAUTION: these functions are
501+
* SECURITY HOLES since they can read and write any file that the Postgres
502+
* backend has permission to access. If you turn this on, don't say we
503+
* didn't warn you.
504+
*/
505+
/* #define ALLOW_DANGEROUS_LO_FUNCTIONS */
506+
497507
/*
498508
* Use btree bulkload code:
499509
* this code is moderately slow (~10% slower) compared to the regular

0 commit comments

Comments
 (0)