database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-14 18:42:34 +03:00
Code Activity

Force PL and range-type support functions to be owned by a superuser.

Browse Source 
We allow non-superusers to create procedural languages (with restrictions)
and range datatypes.  Previously, the automatically-created support
functions for these objects ended up owned by the creating user.  This
represents a rather considerable security hazard, because the owning user
might be able to alter a support function's definition in such a way as to
crash the server, inject trojan-horse SQL code, or even execute arbitrary
C code directly.  It appears that right now the only actually exploitable
problem is the infinite-recursion bug fixed in the previous patch for
CVE-2012-2655.  However, it's not hard to imagine that future additions of
more ALTER FUNCTION capability might unintentionally open up new hazards.
To forestall future problems, cause these support functions to be owned by
the bootstrap superuser, not the user creating the parent object.
This commit is contained in:
Tom Lane
2012-05-30 23:47:57 -04:00
parent 33c6eaf78e
commit ad0009e7be
6 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/backend/catalog/pg_aggregate.c
View File

@ -233,6 +233,7 @@ AggregateCreate(const char *aggName,
false, /* no replacement */ false, /* no replacement */
false, /* doesn't return a set */ false, /* doesn't return a set */
finaltype, /* returnType */ finaltype, /* returnType */
GetUserId(), /* proowner */
INTERNALlanguageId, /* languageObjectId */ INTERNALlanguageId, /* languageObjectId */
InvalidOid, /* no validator */ InvalidOid, /* no validator */
"aggregate_dummy", /* placeholder proc */ "aggregate_dummy", /* placeholder proc */

2
src/backend/catalog/pg_proc.c
View File

@ -69,6 +69,7 @@ ProcedureCreate(const char *procedureName,
bool replace, bool replace,
bool returnsSet, bool returnsSet,
Oid returnType, Oid returnType,
Oid proowner,
Oid languageObjectId, Oid languageObjectId,
Oid languageValidator, Oid languageValidator,
const char *prosrc, const char *prosrc,
@ -100,7 +101,6 @@ ProcedureCreate(const char *procedureName,
bool internalInParam = false; bool internalInParam = false;
bool internalOutParam = false; bool internalOutParam = false;
Oid variadicType = InvalidOid; Oid variadicType = InvalidOid;
Oid proowner = GetUserId();
Acl *proacl = NULL; Acl *proacl = NULL;
Relation rel; Relation rel;
HeapTuple tup; HeapTuple tup;

1
src/backend/commands/functioncmds.c
View File

@ -978,6 +978,7 @@ CreateFunction(CreateFunctionStmt *stmt, const char *queryString)
stmt->replace, stmt->replace,
returnsSet, returnsSet,
prorettype, prorettype,
GetUserId(),
languageOid, languageOid,
languageValidator, languageValidator,
prosrc_str, /* converted to text later */ prosrc_str, /* converted to text later */

4
src/backend/commands/proclang.c
View File

@ -18,6 +18,7 @@
#include "catalog/dependency.h" #include "catalog/dependency.h"
#include "catalog/indexing.h" #include "catalog/indexing.h"
#include "catalog/objectaccess.h" #include "catalog/objectaccess.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_language.h" #include "catalog/pg_language.h"
#include "catalog/pg_namespace.h" #include "catalog/pg_namespace.h"
#include "catalog/pg_pltemplate.h" #include "catalog/pg_pltemplate.h"
@ -124,6 +125,7 @@ CreateProceduralLanguage(CreatePLangStmt *stmt)
false, /* replace */ false, /* replace */
false, /* returnsSet */ false, /* returnsSet */
LANGUAGE_HANDLEROID, LANGUAGE_HANDLEROID,
BOOTSTRAP_SUPERUSERID,
ClanguageId, ClanguageId,
F_FMGR_C_VALIDATOR, F_FMGR_C_VALIDATOR,
pltemplate->tmplhandler, pltemplate->tmplhandler,
@ -160,6 +162,7 @@ CreateProceduralLanguage(CreatePLangStmt *stmt)
false, /* replace */ false, /* replace */
false, /* returnsSet */ false, /* returnsSet */
VOIDOID, VOIDOID,
BOOTSTRAP_SUPERUSERID,
ClanguageId, ClanguageId,
F_FMGR_C_VALIDATOR, F_FMGR_C_VALIDATOR,
pltemplate->tmplinline, pltemplate->tmplinline,
@ -199,6 +202,7 @@ CreateProceduralLanguage(CreatePLangStmt *stmt)
false, /* replace */ false, /* replace */
false, /* returnsSet */ false, /* returnsSet */
VOIDOID, VOIDOID,
BOOTSTRAP_SUPERUSERID,
ClanguageId, ClanguageId,
F_FMGR_C_VALIDATOR, F_FMGR_C_VALIDATOR,
pltemplate->tmplvalidator, pltemplate->tmplvalidator,

2
src/backend/commands/typecmds.c
View File

@ -38,6 +38,7 @@
#include "catalog/dependency.h" #include "catalog/dependency.h"
#include "catalog/heap.h" #include "catalog/heap.h"
#include "catalog/indexing.h" #include "catalog/indexing.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_collation.h" #include "catalog/pg_collation.h"
#include "catalog/pg_constraint.h" #include "catalog/pg_constraint.h"
#include "catalog/pg_depend.h" #include "catalog/pg_depend.h"
@ -1513,6 +1514,7 @@ makeRangeConstructors(const char *name, Oid namespace,
false, /* replace */ false, /* replace */
false, /* returns set */ false, /* returns set */
rangeOid, /* return type */ rangeOid, /* return type */
BOOTSTRAP_SUPERUSERID, /* proowner */
INTERNALlanguageId, /* language */ INTERNALlanguageId, /* language */
F_FMGR_INTERNAL_VALIDATOR, /* language validator */ F_FMGR_INTERNAL_VALIDATOR, /* language validator */
prosrc[i], /* prosrc */ prosrc[i], /* prosrc */

1
src/include/catalog/pg_proc_fn.h
View File

@ -21,6 +21,7 @@ extern Oid ProcedureCreate(const char *procedureName,
bool replace, bool replace,
bool returnsSet, bool returnsSet,
Oid returnType, Oid returnType,
Oid proowner,
Oid languageObjectId, Oid languageObjectId,
Oid languageValidator, Oid languageValidator,
const char *prosrc, const char *prosrc,