Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitc463338

Browse files
committed
Fix per-session activation of ALTER {ROLE|DATABASE} SET role.
After commit5a2fed9, the catalog stateresulting from these commands ceased to affect sessions. Restore thelongstanding behavior, which is like beginning the session with a SETROLE command. If cherry-picking theCVE-2024-10978 fixes, default toincluding this, too. (This fixes an unintended side effect of fixingCVE-2024-10978.) Back-patch to v12, like that commit. The release teamdecided to include v12, despite the original intent to halt v12 commitsearlier this week.Tom Lane and Noah Misch. Reported by Etienne LAFARGE.Discussion:https://postgr.es/m/CADOZwSb0UsEr4_UTFXC5k7=fyyK8uKXekucd+-uuGjJsGBfxgw@mail.gmail.com
1 parent20a8202 commitc463338

File tree

5 files changed

+87
-3
lines changed

5 files changed

+87
-3
lines changed

‎src/backend/utils/init/miscinit.c

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -686,7 +686,25 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
686686
{
687687
SetAuthenticatedUserId(roleid,is_superuser);
688688

689-
/* Set SessionUserId and related variables via the GUC mechanisms */
689+
/*
690+
* Set SessionUserId and related variables, including "role", via the
691+
* GUC mechanisms.
692+
*
693+
* Note: ideally we would use PGC_S_DYNAMIC_DEFAULT here, so that
694+
* session_authorization could subsequently be changed from
695+
* pg_db_role_setting entries. Instead, session_authorization in
696+
* pg_db_role_setting has no effect. Changing that would require
697+
* solving two problems:
698+
*
699+
* 1. If pg_db_role_setting has values for both session_authorization
700+
* and role, we could not be sure which order those would be applied
701+
* in, and it would matter.
702+
*
703+
* 2. Sites may have years-old session_authorization entries. There's
704+
* not been any particular reason to remove them. Ending the dormancy
705+
* of those entries could seriously change application behavior, so
706+
* only a major release should do that.
707+
*/
690708
SetConfigOption("session_authorization",rname,
691709
PGC_BACKEND,PGC_S_OVERRIDE);
692710
}

‎src/backend/utils/misc/guc.c

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7362,6 +7362,12 @@ set_config_option(const char *name, const char *value,
73627362
* expect that if "role" isn't supposed to be default, it
73637363
* has been or will be set by a separate reload action.
73647364
*
7365+
* Also, for the call from InitializeSessionUserId with
7366+
* source == PGC_S_OVERRIDE, use PGC_S_DYNAMIC_DEFAULT for
7367+
* "role"'s source, so that it's still possible to set
7368+
* "role" from pg_db_role_setting entries. (See notes in
7369+
* InitializeSessionUserId before changing this.)
7370+
*
73657371
* A fine point: for RESET session_authorization, we do
73667372
* "RESET role" not "SET ROLE NONE" (by passing down NULL
73677373
* rather than "none" for the value). This would have the
@@ -7374,7 +7380,9 @@ set_config_option(const char *name, const char *value,
73747380
(void)set_config_option("role",
73757381
value ?"none" :NULL,
73767382
orig_context,
7377-
orig_source,
7383+
(orig_source==PGC_S_OVERRIDE)
7384+
?PGC_S_DYNAMIC_DEFAULT
7385+
:orig_source,
73787386
action,
73797387
true,
73807388
elevel,

‎src/test/modules/unsafe_tests/Makefile

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,9 @@
11
# src/test/modules/unsafe_tests/Makefile
22

3-
REGRESS = rolenames
3+
REGRESS = rolenames setconfig
4+
REGRESS_OPTS =\
5+
--create-role=regress_authenticated_user_sr\
6+
--create-role=regress_authenticated_user_ssa
47

58
# the whole point of these tests is to not run installcheck
69
NO_INSTALLCHECK = 1
Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
-- This is borderline unsafe in that an additional login-capable user exists
2+
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
3+
-- might allow unwanted logins as regress_authenticated_user_ssa.
4+
ALTER USER regress_authenticated_user_ssa superuser;
5+
CREATE ROLE regress_session_user;
6+
CREATE ROLE regress_current_user;
7+
GRANT regress_current_user TO regress_authenticated_user_sr;
8+
GRANT regress_session_user TO regress_authenticated_user_ssa;
9+
ALTER ROLE regress_authenticated_user_ssa
10+
SET session_authorization = regress_session_user;
11+
ALTER ROLE regress_authenticated_user_sr SET ROLE = regress_current_user;
12+
\c - regress_authenticated_user_sr
13+
SELECT current_user, session_user;
14+
current_user | session_user
15+
----------------------+-------------------------------
16+
regress_current_user | regress_authenticated_user_sr
17+
(1 row)
18+
19+
-- The longstanding historical behavior is that session_authorization in
20+
-- setconfig has no effect. Hence, session_user remains
21+
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
22+
\c - regress_authenticated_user_ssa
23+
SELECT current_user, session_user;
24+
current_user | session_user
25+
--------------------------------+--------------------------------
26+
regress_authenticated_user_ssa | regress_authenticated_user_ssa
27+
(1 row)
28+
29+
RESET SESSION AUTHORIZATION;
30+
DROP USER regress_session_user;
31+
DROP USER regress_current_user;
Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
-- This is borderline unsafe in that an additional login-capable user exists
2+
-- during the test run. Under installcheck, a too-permissive pg_hba.conf
3+
-- might allow unwanted logins as regress_authenticated_user_ssa.
4+
5+
ALTERUSER regress_authenticated_user_ssa superuser;
6+
CREATE ROLE regress_session_user;
7+
CREATE ROLE regress_current_user;
8+
GRANT regress_current_user TO regress_authenticated_user_sr;
9+
GRANT regress_session_user TO regress_authenticated_user_ssa;
10+
ALTER ROLE regress_authenticated_user_ssa
11+
SET session_authorization= regress_session_user;
12+
ALTER ROLE regress_authenticated_user_srSET ROLE= regress_current_user;
13+
14+
\c- regress_authenticated_user_sr
15+
SELECTcurrent_user,session_user;
16+
17+
-- The longstanding historical behavior is that session_authorization in
18+
-- setconfig has no effect. Hence, session_user remains
19+
-- regress_authenticated_user_ssa. See comment in InitializeSessionUserId().
20+
\c- regress_authenticated_user_ssa
21+
SELECTcurrent_user,session_user;
22+
RESET SESSION AUTHORIZATION;
23+
DROPUSER regress_session_user;
24+
DROPUSER regress_current_user;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp