Commit 4cd4a54c authored by Tom Lane's avatar Tom Lane

Add configurable option controlling security checks in LO functions.

parent 1c3c0805
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/be-fsstubs.c,v 1.34 1999/05/31 22:53:57 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/be-fsstubs.c,v 1.35 1999/06/04 21:13:38 tgl Exp $
* *
* NOTES * NOTES
* This should be moved to a more appropriate place. It is here * This should be moved to a more appropriate place. It is here
...@@ -334,10 +334,12 @@ lo_import(text *filename) ...@@ -334,10 +334,12 @@ lo_import(text *filename)
LargeObjectDesc *lobj; LargeObjectDesc *lobj;
Oid lobjOid; Oid lobjOid;
#ifndef ALLOW_DANGEROUS_LO_FUNCTIONS
if (!superuser()) if (!superuser())
elog(ERROR, "You must have Postgres superuser privilege to use " elog(ERROR, "You must have Postgres superuser privilege to use "
"server-side lo_import().\n\tAnyone can use the " "server-side lo_import().\n\tAnyone can use the "
"client-side lo_import() provided by libpq."); "client-side lo_import() provided by libpq.");
#endif
/* /*
* open the file to be read in * open the file to be read in
...@@ -405,10 +407,12 @@ lo_export(Oid lobjId, text *filename) ...@@ -405,10 +407,12 @@ lo_export(Oid lobjId, text *filename)
LargeObjectDesc *lobj; LargeObjectDesc *lobj;
mode_t oumask; mode_t oumask;
#ifndef ALLOW_DANGEROUS_LO_FUNCTIONS
if (!superuser()) if (!superuser())
elog(ERROR, "You must have Postgres superuser privilege to use " elog(ERROR, "You must have Postgres superuser privilege to use "
"server-side lo_export().\n\tAnyone can use the " "server-side lo_export().\n\tAnyone can use the "
"client-side lo_export() provided by libpq."); "client-side lo_export() provided by libpq.");
#endif
/* /*
* open the inversion "object" * open the inversion "object"
......
...@@ -342,7 +342,7 @@ extern void srandom(unsigned int seed); ...@@ -342,7 +342,7 @@ extern void srandom(unsigned int seed);
#undef USE_POSIX_SIGNALS #undef USE_POSIX_SIGNALS
/* /*
* Code below this point should not require changes * Pull in OS-specific declarations (using link created by configure)
*/ */
#include "os.h" #include "os.h"
...@@ -494,6 +494,16 @@ extern void srandom(unsigned int seed); ...@@ -494,6 +494,16 @@ extern void srandom(unsigned int seed);
*/ */
/* #define PSQL_ALWAYS_GET_PASSWORDS */ /* #define PSQL_ALWAYS_GET_PASSWORDS */
/*
* Define this if you want to allow the lo_import and lo_export SQL functions
* to be executed by ordinary users. By default these functions are only
* available to the Postgres superuser. CAUTION: these functions are
* SECURITY HOLES since they can read and write any file that the Postgres
* backend has permission to access. If you turn this on, don't say we
* didn't warn you.
*/
/* #define ALLOW_DANGEROUS_LO_FUNCTIONS */
/* /*
* Use btree bulkload code: * Use btree bulkload code:
* this code is moderately slow (~10% slower) compared to the regular * this code is moderately slow (~10% slower) compared to the regular
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment