
Commite0bda4d

committed
[PGPRO-5673] add missing grants (caused by CVE-2018-1058 fixes #415 PGPRO-5315)
1 parent6081c08 commite0bda4d


6 files changed

+81
-20
lines changed


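--- a/.travis.yml
+++ b/.travis.yml
@@ -26,13 +26,45 @@ notifications:
 
 # Default MODE is basic, i.e. all tests with PG_PROBACKUP_TEST_BASIC=ON
 env:
--PG_VERSION=14 PG_BRANCH=REL_14_STABLE
--PG_VERSION=13 PG_BRANCH=REL_13_STABLE
--PG_VERSION=12 PG_BRANCH=REL_12_STABLE
--PG_VERSION=11 PG_BRANCH=REL_11_STABLE
--PG_VERSION=10 PG_BRANCH=REL_10_STABLE
--PG_VERSION=9.6 PG_BRANCH=REL9_6_STABLE
--PG_VERSION=9.5 PG_BRANCH=REL9_5_STABLE
+# - PG_VERSION=14 PG_BRANCH=REL_14_STABLE
+# - PG_VERSION=13 PG_BRANCH=REL_13_STABLE
+# - PG_VERSION=12 PG_BRANCH=REL_12_STABLE
+# - PG_VERSION=11 PG_BRANCH=REL_11_STABLE
+# - PG_VERSION=10 PG_BRANCH=REL_10_STABLE
+# - PG_VERSION=9.6 PG_BRANCH=REL9_6_STABLE
+# - PG_VERSION=9.5 PG_BRANCH=REL9_5_STABLE
+-PG_VERSION=14 PG_BRANCH=REL_14_STABLE MODE=auth_test
+-PG_VERSION=13 PG_BRANCH=REL_13_STABLE MODE=auth_test
+-PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=auth_test
+-PG_VERSION=11 PG_BRANCH=REL_11_STABLE MODE=auth_test
+-PG_VERSION=10 PG_BRANCH=REL_10_STABLE MODE=auth_test
+-PG_VERSION=9.6 PG_BRANCH=REL9_6_STABLE MODE=auth_test
+-PG_VERSION=9.5 PG_BRANCH=REL9_5_STABLE MODE=auth_test
+-PG_VERSION=14 PG_BRANCH=REL_14_STABLE MODE=backup
+-PG_VERSION=13 PG_BRANCH=REL_13_STABLE MODE=backup
+-PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=backup
+-PG_VERSION=11 PG_BRANCH=REL_11_STABLE MODE=backup
+-PG_VERSION=10 PG_BRANCH=REL_10_STABLE MODE=backup
+-PG_VERSION=9.6 PG_BRANCH=REL9_6_STABLE MODE=backup
+-PG_VERSION=9.5 PG_BRANCH=REL9_5_STABLE MODE=backup
+-PG_VERSION=14 PG_BRANCH=REL_14_STABLE MODE=checkdb
+-PG_VERSION=13 PG_BRANCH=REL_13_STABLE MODE=checkdb
+-PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=checkdb
+-PG_VERSION=11 PG_BRANCH=REL_11_STABLE MODE=checkdb
+-PG_VERSION=10 PG_BRANCH=REL_10_STABLE MODE=checkdb
+-PG_VERSION=9.6 PG_BRANCH=REL9_6_STABLE MODE=checkdb
+-PG_VERSION=9.5 PG_BRANCH=REL9_5_STABLE MODE=checkdb
+-PG_VERSION=14 PG_BRANCH=REL_14_STABLE MODE=restore
+-PG_VERSION=13 PG_BRANCH=REL_13_STABLE MODE=restore
+-PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=restore
+-PG_VERSION=11 PG_BRANCH=REL_11_STABLE MODE=restore
+-PG_VERSION=10 PG_BRANCH=REL_10_STABLE MODE=restore
+-PG_VERSION=9.6 PG_BRANCH=REL9_6_STABLE MODE=restore
+-PG_VERSION=9.5 PG_BRANCH=REL9_5_STABLE MODE=restore
+-PG_VERSION=14 PG_BRANCH=REL_14_STABLE MODE=ptrack
+-PG_VERSION=13 PG_BRANCH=REL_13_STABLE MODE=ptrack
+-PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=ptrack
+-PG_VERSION=11 PG_BRANCH=REL_11_STABLE MODE=ptrack
 # - PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=archive
 # - PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=backup
 # - PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=compression
@@ -43,7 +75,7 @@ env:
 # - PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=replica
 # - PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=retention
 # - PG_VERSION=12 PG_BRANCH=REL_12_STABLE MODE=restore
--PG_VERSION=15 PG_BRANCH=master
+# - PG_VERSION=15 PG_BRANCH=master
 
 jobs:
 allow_failures: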
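Review bot: The seven default-mode entries (new lines 29–35) and the `PG_VERSION=15 PG_BRANCH=master` entry (new line 78) are commented out instead of being kept next to the new `MODE=` jobs. Going by the comment above `env:`, the basic all-tests run therefore no longer happens on any branch, and the archive, compression, replica and retention modes stay disabled. If this narrowing is only there to validate the new grants, mark it so that it gets reverted, e.g. `# TEMP (PGPRO-5673): basic matrix disabled while validating grants; restore afterwards`. The ptrack rows stop at PG 11 without a stated reason; a one-line comment there would record whether 10, 9.6 and 9.5 were left out on purpose.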

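--- a/doc/pgprobackup.xml
+++ b/doc/pgprobackup.xml
@@ -614,6 +614,8 @@ GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_xlog() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_current() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;
+GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;
+GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;
 COMMIT;
 </programlisting>
 <para>
@@ -634,6 +636,8 @@ GRANT EXECUTE ON FUNCTION pg_catalog.txid_current() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.pg_control_checkpoint() TO backup;
+GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;
+GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;
 COMMIT;
 </programlisting>
 <para>
@@ -654,6 +658,8 @@ GRANT EXECUTE ON FUNCTION pg_catalog.txid_current() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.pg_control_checkpoint() TO backup;
+GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;
+GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;
 COMMIT;
 </programlisting>
 <para>
@@ -5541,6 +5547,8 @@ GRANT EXECUTE ON FUNCTION pg_catalog.txid_current() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;
 GRANT EXECUTE ON FUNCTION pg_catalog.pg_control_checkpoint() TO backup;
+GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;
+GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;
 COMMIT;
 </programlisting>
 </step>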

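--- a/tests/backup.py
+++ b/tests/backup.py
@@ -2028,7 +2028,9 @@ def test_backup_with_least_privileges_role(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_start_backup(text, boolean) TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_stop_backup() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 # PG 9.6
 elifself.get_version(node)>90600andself.get_version(node)<100000:
@@ -2065,7 +2067,9 @@ def test_backup_with_least_privileges_role(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_xlog() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_last_xlog_replay_location() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 # >= 10
 else:
@@ -2101,7 +2105,9 @@ def test_backup_with_least_privileges_role(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_wal() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_last_wal_replay_lsn() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 
 ifself.ptrack: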
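Review bot: Nothing in the three edited branches of test_backup_with_least_privileges_role says why a least-privilege role now needs `set_config(text, text, boolean)` and `oideq(oid, oid)`; the only explanation is the commit title. A comment above each grant list, e.g. `# set_config/oideq: required since the CVE-2018-1058 fixes (#415), see PGPRO-5673`, would stop a later cleanup from pruning them as surplus privileges. The same applies to test_ptrack_unprivileged in tests/ptrack.py and test_missing_database_map in tests/restore.py. The identical two-line tail is pasted into every version branch, so a shared constant appended to each list would keep the branches in step. The function body starts and ends outside these hunks.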

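--- a/tests/checkdb.py
+++ b/tests/checkdb.py
@@ -570,7 +570,8 @@ def test_checkdb_with_least_privileges(self):
 'GRANT EXECUTE ON FUNCTION pg_catalog.pg_is_in_recovery() TO backup; '
 'GRANT EXECUTE ON FUNCTION pg_catalog.pg_control_system() TO backup; '
 'GRANT EXECUTE ON FUNCTION bt_index_check(regclass) TO backup; '
-'GRANT EXECUTE ON FUNCTION bt_index_check(regclass, bool) TO backup;'
+'GRANT EXECUTE ON FUNCTION bt_index_check(regclass, bool) TO backup; '
+'GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;'
 )
 # PG 9.6
 elifself.get_version(node)>90600andself.get_version(node)<100000:
@@ -596,7 +597,8 @@ def test_checkdb_with_least_privileges(self):
 'GRANT EXECUTE ON FUNCTION pg_catalog.pg_is_in_recovery() TO backup; '
 'GRANT EXECUTE ON FUNCTION pg_catalog.pg_control_system() TO backup; '
 # 'GRANT EXECUTE ON FUNCTION bt_index_check(regclass) TO backup; '
-'GRANT EXECUTE ON FUNCTION bt_index_check(regclass, bool) TO backup;'
+'GRANT EXECUTE ON FUNCTION bt_index_check(regclass, bool) TO backup; '
+'GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;'
 )
 # >= 10
 else:
@@ -622,7 +624,8 @@ def test_checkdb_with_least_privileges(self):
 'GRANT EXECUTE ON FUNCTION pg_catalog.pg_is_in_recovery() TO backup; '
 'GRANT EXECUTE ON FUNCTION pg_catalog.pg_control_system() TO backup; '
 'GRANT EXECUTE ON FUNCTION bt_index_check(regclass) TO backup; '
-'GRANT EXECUTE ON FUNCTION bt_index_check(regclass, bool) TO backup;'
+'GRANT EXECUTE ON FUNCTION bt_index_check(regclass, bool) TO backup; '
+'GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup;'
 )
 
 ifProbackupTest.enterprise: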
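Review bot: test_checkdb_with_least_privileges gains only `pg_catalog.set_config(text, text, boolean)` in its three branches, while the documentation listings and tests/backup.py, tests/ptrack.py and tests/restore.py in this commit also grant `pg_catalog.oideq(oid, oid)`. If checkdb issues any query that needs oideq for the backup role, this test's role is still one grant short. If it does not, a short comment next to the list (for instance `# oideq is not granted here: checkdb does not need it`, wording to be confirmed against the checkdb queries) would show the difference is deliberate. The function body extends beyond the hunks shown.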

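--- a/tests/ptrack.py
+++ b/tests/ptrack.py
@@ -410,7 +410,9 @@ def test_ptrack_unprivileged(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_start_backup(text, boolean) TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_stop_backup() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 # PG 9.6
 elifself.get_version(node)>90600andself.get_version(node)<100000:
@@ -446,7 +448,9 @@ def test_ptrack_unprivileged(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_xlog() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_last_xlog_replay_location() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 # >= 10
 else:
@@ -480,7 +484,9 @@ def test_ptrack_unprivileged(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_wal() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_last_wal_replay_lsn() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 
 ifnode.major_version<11: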

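--- a/tests/restore.py
+++ b/tests/restore.py
@@ -3230,7 +3230,9 @@ def test_missing_database_map(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_start_backup(text, boolean) TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_stop_backup() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 # PG 9.6
 elifself.get_version(node)>90600andself.get_version(node)<100000:
@@ -3267,7 +3269,9 @@ def test_missing_database_map(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_xlog() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_last_xlog_replay_location() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 # >= 10
 else:
@@ -3302,7 +3306,9 @@ def test_missing_database_map(self):
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_switch_wal() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.pg_last_wal_replay_lsn() TO backup; "
 "GRANT EXECUTE ON FUNCTION pg_catalog.txid_current_snapshot() TO backup; "
-"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup;"
+"GRANT EXECUTE ON FUNCTION pg_catalog.txid_snapshot_xmax(txid_snapshot) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.set_config(text, text, boolean) TO backup; "
+"GRANT EXECUTE ON FUNCTION pg_catalog.oideq(oid, oid) TO backup;"
 )
 
 ifself.ptrack: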
