Commit 53b79ab

adminpack: Revoke EXECUTE on pg_logfile_rotate()
In 9.6, we moved a number of functions over to using the GRANT system to control access instead of having hard-coded superuser checks.

As it turns out, adminpack was creating another function in the catalog for one of those backend functions where the superuser check was removed, specifically pg_rotate_logfile(), but it didn't get the memo about having to REVOKE EXECUTE on the alternative-name function (pg_logfile_rotate()), meaning that in any installations with adminpack on 9.6 and higher, any user is able to run the pg_logfile_rotate() function, which then calls pg_rotate_logfile() and rotates the logfile.

Fix by adding a new version of adminpack (1.1) which handles the REVOKE.

As this function should have only been available to the superuser, this is a security issue, albeit a minor one.

Security: CVE-2018-1115
1 parent 5c40494, commit 53b79ab
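The commit message above describes the exposure in terms of a missing REVOKE, which means an administrator can both detect and close it from SQL. The following is an added audit-and-remediation script, not part of the PostgreSQL commit; it assumes a 9.6-or-later server that already has adminpack installed and the 1.1 scripts from this commit available on disk. It uses only standard catalog views and privilege-inquiry functions (pg_extension, pg_available_extension_versions, has_function_privilege).

```sql
-- Added example (not from the PostgreSQL commit): audit an existing adminpack
-- installation for the CVE-2018-1115 exposure and apply the fix.

-- 1. Which adminpack version is installed, and which versions are available?
--    The fix is only present once the installed version is 1.1.
SELECT e.extversion AS installed_version,
       v.version    AS available_version
FROM   pg_catalog.pg_extension e
JOIN   pg_catalog.pg_available_extension_versions v ON v.name = e.extname
WHERE  e.extname = 'adminpack';

-- 2. Can PUBLIC (every role) execute the pgAdmin-compatibility wrapper?
--    'public' is accepted as a pseudo-role here; TRUE means the default
--    grant is still in place and any user can rotate the log file.
SELECT has_function_privilege('public',
                              'pg_catalog.pg_logfile_rotate()',
                              'EXECUTE') AS public_can_rotate_logfile;

-- 3. Remediate by moving the extension to 1.1; this runs the
--    adminpack--1.0--1.1.sql update script, whose only statement is the REVOKE.
ALTER EXTENSION adminpack UPDATE TO '1.1';

-- 4. Re-run the check; it is expected to return FALSE after the update.
--    Explicit per-role EXECUTE grants, if any were ever made, are not
--    touched by REVOKE ... FROM PUBLIC and need to be reviewed separately.
SELECT has_function_privilege('public',
                              'pg_catalog.pg_logfile_rotate()',
                              'EXECUTE') AS public_can_rotate_logfile;
```

Steps 1 and 2 are read-only and safe to run across a fleet to find databases that still need the update; step 3 requires a superuser (or the extension owner) in each affected database, since extension versions are per-database state.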

File tree: 4 files changed, +63 -2 lines changed


‎contrib/adminpack/Makefile

Lines changed: 1 addition & 1 deletion
@@ -5,7 +5,7 @@ OBJS = adminpack.o $(WIN32RES)
55
PG_CPPFLAGS = -I$(libpq_srcdir)
66

77
EXTENSION = adminpack
8-
DATA = adminpack--1.0.sql
8+
DATA = adminpack--1.0.sql adminpack--1.1.sql adminpack--1.0--1.1.sql
99
PGFILEDESC = "adminpack - support functions for pgAdmin"
1010

1111
ifdefUSE_PGXS
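Review bot: adminpack--1.0.sql remains in DATA next to the new adminpack--1.1.sql and adminpack--1.0--1.1.sql, so an explicit `CREATE EXTENSION adminpack VERSION '1.0'` still installs pg_logfile_rotate() with the default PUBLIC execute grant this commit is removing. Keeping the old base script around is normal, but a one-line comment in the Makefile or at the top of the 1.0 script saying it is retained for compatibility and lacks the 1.1 REVOKE would stop an administrator from pinning 1.0 deliberately.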
contrib/adminpack/adminpack--1.0--1.1.sql

Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
/* contrib/adminpack/adminpack--1.0--1.1.sql*/
2+
3+
-- complain if script is sourced in psql, rather than via ALTER EXTENSION
4+
\echo Use"ALTER EXTENSION adminpack UPDATE TO '1.1'" to load this file. \quit
5+
6+
REVOKE EXECUTEON FUNCTIONpg_catalog.pg_logfile_rotate()FROM PUBLIC;
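Review bot: `REVOKE EXECUTE ON FUNCTION pg_catalog.pg_logfile_rotate() FROM PUBLIC` removes only the implicit PUBLIC grant; superusers keep access, and any EXECUTE grant a site made explicitly to a particular role before updating is left in place. That is the right behaviour, but a comment in this script stating it would tell an administrator reviewing the upgrade that per-role grants still need a separate audit. A quick post-update check is `SELECT has_function_privilege('public', 'pg_catalog.pg_logfile_rotate()', 'EXECUTE');`, which should return false once the script has run.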

‎contrib/adminpack/adminpack--1.1.sql

Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
/* contrib/adminpack/adminpack--1.1.sql*/
2+
3+
-- complain if script is sourced in psql, rather than via CREATE EXTENSION
4+
\echo Use"CREATE EXTENSION adminpack" to load this file. \quit
5+
6+
/* ***********************************************
7+
* Administrative functions for PostgreSQL
8+
* ************************************************/
9+
10+
/* generic file access functions*/
11+
12+
CREATEFUNCTIONpg_catalog.pg_file_write(text,text, bool)
13+
RETURNSbigint
14+
AS'MODULE_PATHNAME','pg_file_write'
15+
LANGUAGE C VOLATILE STRICT;
16+
17+
CREATEFUNCTIONpg_catalog.pg_file_rename(text,text,text)
18+
RETURNS bool
19+
AS'MODULE_PATHNAME','pg_file_rename'
20+
LANGUAGE C VOLATILE;
21+
22+
CREATEFUNCTIONpg_catalog.pg_file_rename(text,text)
23+
RETURNS bool
24+
AS'SELECT pg_catalog.pg_file_rename($1, $2, NULL::pg_catalog.text);'
25+
LANGUAGE SQL VOLATILE STRICT;
26+
27+
CREATEFUNCTIONpg_catalog.pg_file_unlink(text)
28+
RETURNS bool
29+
AS'MODULE_PATHNAME','pg_file_unlink'
30+
LANGUAGE C VOLATILE STRICT;
31+
32+
CREATEFUNCTIONpg_catalog.pg_logdir_ls()
33+
RETURNS setof record
34+
AS'MODULE_PATHNAME','pg_logdir_ls'
35+
LANGUAGE C VOLATILE STRICT;
36+
37+
38+
/* Renaming of existing backend functions for pgAdmin compatibility*/
39+
40+
CREATEFUNCTIONpg_catalog.pg_file_read(text,bigint,bigint)
41+
RETURNStext
42+
AS'pg_read_file'
43+
LANGUAGE INTERNAL VOLATILE STRICT;
44+
45+
CREATEFUNCTIONpg_catalog.pg_file_length(text)
46+
RETURNSbigint
47+
AS'SELECT size FROM pg_catalog.pg_stat_file($1)'
48+
LANGUAGE SQL VOLATILE STRICT;
49+
50+
CREATEFUNCTIONpg_catalog.pg_logfile_rotate()
51+
RETURNS int4
52+
AS'pg_rotate_logfile'
53+
LANGUAGE INTERNAL VOLATILE STRICT;
54+
55+
REVOKE EXECUTEON FUNCTIONpg_catalog.pg_logfile_rotate()FROM PUBLIC;
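Review bot: the single REVOKE at the end of this script covers only pg_logfile_rotate(), while the two other renamed backend functions in the same block, pg_file_read(text,bigint,bigint) over pg_read_file and pg_file_length(text) over pg_stat_file, get none. If that is because the functions they wrap still carry their own checks, a comment next to the REVOKE saying so would keep the next person who moves a wrapped function over to the GRANT system from repeating the bug this commit fixes; the commit message already describes the 1.0 script as having missed exactly that memo, and the script is where such a note is most likely to be read.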

‎contrib/adminpack/adminpack.control

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
# adminpack extension
22
comment = 'administrative functions for PostgreSQL'
3-
default_version = '1.0'
3+
default_version = '1.1'
44
module_pathname = '$libdir/adminpack'
55
relocatable = false
66
schema = pg_catalog
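Review bot: bumping default_version to '1.1' only changes what a fresh `CREATE EXTENSION adminpack` installs; databases that already have adminpack at 1.0 stay at 1.0, with the PUBLIC grant intact, until someone runs `ALTER EXTENSION adminpack UPDATE TO '1.1'`, and nothing in this change does that automatically. The release notes or the adminpack documentation should call out the manual update step, since for existing installations the fix is otherwise invisible.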
