rdelaage/postgresql
1
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-09-28 00:11:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

adminpack: Revoke EXECUTE on pg_logfile_rotate()

Browse Source 
In 9.6, we moved a number of functions over to using the GRANT system to
control access instead of having hard-coded superuser checks.

As it turns out, adminpack was creating another function in the catalog
for one of those backend functions where the superuser check was
removed, specifically pg_rotate_logfile(), but it didn't get the memo
about having to REVOKE EXECUTE on the alternative-name function
(pg_logfile_rotate()), meaning that in any installations with adminpack
on 9.6 and higher, any user is able to run the pg_logfile_rotate()
function, which then calls pg_rotate_logfile() and rotates the logfile.

Fix by adding a new version of adminpack (1.1) which handles the REVOKE.
As this function should have only been available to the superuser, this
is a security issue, albeit a minor one.

In HEAD, move the changes implemented for adminpack up to be adminpack
2.0 instead of 1.1.

Security: CVE-2018-1115
This commit is contained in:
Stephen Frost 2018-05-07 10:10:33 -04:00
parent f955d7ee16
commit 7b347409fa
4 changed files with 54 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/adminpack/Makefile
View File

@ -5,7 +5,7 @@ OBJS = adminpack.o $(WIN32RES)
PG_CPPFLAGS = -I$(libpq_srcdir) PG_CPPFLAGS = -I$(libpq_srcdir)
EXTENSION = adminpack EXTENSION = adminpack
DATA = adminpack--1.0.sql adminpack--1.0--1.1.sql DATA = adminpack--1.0.sql adminpack--1.0--1.1.sql adminpack--1.1--2.0.sql
PGFILEDESC = "adminpack - support functions for pgAdmin" PGFILEDESC = "adminpack - support functions for pgAdmin"
REGRESS = adminpack REGRESS = adminpack

47
contrib/adminpack/adminpack--1.0--1.1.sql
View File

@ -3,49 +3,4 @@
-- complain if script is sourced in psql, rather than via ALTER EXTENSION -- complain if script is sourced in psql, rather than via ALTER EXTENSION
\echo Use "ALTER EXTENSION adminpack UPDATE TO '1.1'" to load this file. \quit \echo Use "ALTER EXTENSION adminpack UPDATE TO '1.1'" to load this file. \quit
/* *********************************************** REVOKE EXECUTE ON FUNCTION pg_catalog.pg_logfile_rotate() FROM PUBLIC;
* Administrative functions for PostgreSQL
* *********************************************** */
/* generic file access functions */
CREATE OR REPLACE FUNCTION pg_catalog.pg_file_write(text, text, bool)
RETURNS bigint
AS 'MODULE_PATHNAME', 'pg_file_write_v1_1'
LANGUAGE C VOLATILE STRICT;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_file_write(text, text, bool) FROM PUBLIC;
CREATE OR REPLACE FUNCTION pg_catalog.pg_file_rename(text, text, text)
RETURNS bool
AS 'MODULE_PATHNAME', 'pg_file_rename_v1_1'
LANGUAGE C VOLATILE;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_file_rename(text, text, text) FROM PUBLIC;
CREATE OR REPLACE FUNCTION pg_catalog.pg_file_rename(text, text)
RETURNS bool
AS 'SELECT pg_catalog.pg_file_rename($1, $2, NULL::pg_catalog.text);'
LANGUAGE SQL VOLATILE STRICT;
CREATE OR REPLACE FUNCTION pg_catalog.pg_file_unlink(text)
RETURNS bool
AS 'MODULE_PATHNAME', 'pg_file_unlink_v1_1'
LANGUAGE C VOLATILE STRICT;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_file_unlink(text) FROM PUBLIC;
CREATE OR REPLACE FUNCTION pg_catalog.pg_logdir_ls()
RETURNS setof record
AS 'MODULE_PATHNAME', 'pg_logdir_ls_v1_1'
LANGUAGE C VOLATILE STRICT;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_logdir_ls() FROM PUBLIC;
/* These functions are now in the backend and callers should update to use those */
DROP FUNCTION pg_file_read(text, bigint, bigint);
DROP FUNCTION pg_file_length(text);
DROP FUNCTION pg_logfile_rotate();

51
contrib/adminpack/adminpack--1.1--2.0.sql Normal file
View File

@ -0,0 +1,51 @@
/* contrib/adminpack/adminpack--1.1--2.0.sql */
-- complain if script is sourced in psql, rather than via ALTER EXTENSION
\echo Use "ALTER EXTENSION adminpack UPDATE TO '2.0'" to load this file. \quit
/* ***********************************************
* Administrative functions for PostgreSQL
* *********************************************** */
/* generic file access functions */
CREATE OR REPLACE FUNCTION pg_catalog.pg_file_write(text, text, bool)
RETURNS bigint
AS 'MODULE_PATHNAME', 'pg_file_write_v1_1'
LANGUAGE C VOLATILE STRICT;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_file_write(text, text, bool) FROM PUBLIC;
CREATE OR REPLACE FUNCTION pg_catalog.pg_file_rename(text, text, text)
RETURNS bool
AS 'MODULE_PATHNAME', 'pg_file_rename_v1_1'
LANGUAGE C VOLATILE;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_file_rename(text, text, text) FROM PUBLIC;
CREATE OR REPLACE FUNCTION pg_catalog.pg_file_rename(text, text)
RETURNS bool
AS 'SELECT pg_catalog.pg_file_rename($1, $2, NULL::pg_catalog.text);'
LANGUAGE SQL VOLATILE STRICT;
CREATE OR REPLACE FUNCTION pg_catalog.pg_file_unlink(text)
RETURNS bool
AS 'MODULE_PATHNAME', 'pg_file_unlink_v1_1'
LANGUAGE C VOLATILE STRICT;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_file_unlink(text) FROM PUBLIC;
CREATE OR REPLACE FUNCTION pg_catalog.pg_logdir_ls()
RETURNS setof record
AS 'MODULE_PATHNAME', 'pg_logdir_ls_v1_1'
LANGUAGE C VOLATILE STRICT;
REVOKE EXECUTE ON FUNCTION pg_catalog.pg_logdir_ls() FROM PUBLIC;
/* These functions are now in the backend and callers should update to use those */
DROP FUNCTION pg_file_read(text, bigint, bigint);
DROP FUNCTION pg_file_length(text);
DROP FUNCTION pg_logfile_rotate();

2
contrib/adminpack/adminpack.control
View File

@ -1,6 +1,6 @@
# adminpack extension # adminpack extension
comment = 'administrative functions for PostgreSQL' comment = 'administrative functions for PostgreSQL'
default_version = '1.1' default_version = '2.0'
module_pathname = '$libdir/adminpack' module_pathname = '$libdir/adminpack'
relocatable = false relocatable = false
schema = pg_catalog schema = pg_catalog