
Add missing check on invocation of trusted procedures.

KaiGai Kohei
Robert Haas
2011-04-04 13:25:42 -04:00
parent a0e50e698b
commit 595a441ae9
4 changed files with 57 additions and 1 deletions


@ -22,6 +22,11 @@ CREATE FUNCTION f3 () RETURNS text
END;' LANGUAGE plpgsql;
SECURITY LABEL ON FUNCTION f3()
IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
CREATE FUNCTION f4 () RETURNS text
AS 'SELECT sepgsql_getcon()'
LANGUAGE sql;
SECURITY LABEL ON FUNCTION f4()
IS 'system_u:object_r:sepgsql_regtest_trusted_proc_exec_t:s0';
--
-- Tests for default labeling behavior
--
@ -86,6 +91,8 @@ SELECT f2(); -- trusted procedure
SELECT f3(); -- trusted procedure that raises an error
ERROR: an exception from f3()
SELECT f4(); -- failed on domain transition
ERROR: SELinux: security policy violation
SELECT sepgsql_getcon(); -- client's label must be restored
sepgsql_getcon
-----------------------------------------------------
@ -107,3 +114,4 @@ DROP TABLE IF EXISTS t3 CASCADE;
DROP FUNCTION IF EXISTS f1() CASCADE;
DROP FUNCTION IF EXISTS f2() CASCADE;
DROP FUNCTION IF EXISTS f3() CASCADE;
DROP FUNCTION IF EXISTS f4() CASCADE;
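Review bot: The new `SELECT f4();` case pins only the generic `ERROR: SELinux: security policy violation`, so it would pass on any policy denial raised while calling f4, not specifically the domain-transition failure its comment names. Because f4 is the only function here labeled `sepgsql_regtest_trusted_proc_exec_t`, a comment beside its `SECURITY LABEL` statement would make the intended denial reviewable, for example `-- f4: trusted-procedure label whose domain transition the regression policy must deny for the test client`. The `SELECT sepgsql_getcon();` that follows does cover restoring the client's label after the failed call, and should stay directly after f4. This section looks like expected test output (its file name is not visible here), so the comment would go in the matching test script, with the output regenerated from it.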