Commit595a441

committed
Add missing check on invocation of trusted procedures.
KaiGai Kohei
1 parenta0e50e6 commit595a441


4 files changed

+57
-1
lines changed

4 files changed

+57
-1
lines changed

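--- a/contrib/sepgsql/expected/label.out
+++ b/contrib/sepgsql/expected/label.out
@@ -22,6 +22,11 @@ CREATE FUNCTION f3 () RETURNS text
 END;' LANGUAGE plpgsql;
 SECURITY LABEL ON FUNCTION f3()
 IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
+CREATE FUNCTION f4 () RETURNS text
+AS 'SELECT sepgsql_getcon()'
+LANGUAGE sql;
+SECURITY LABEL ON FUNCTION f4()
+IS 'system_u:object_r:sepgsql_regtest_trusted_proc_exec_t:s0';
 --
 -- Tests for default labeling behavior
 --
@@ -86,6 +91,8 @@ SELECT f2();-- trusted procedure
 
 SELECT f3();-- trusted procedure that raises an error
 ERROR: an exception from f3()
+SELECT f4();-- failed on domain transition
+ERROR: SELinux: security policy violation
 SELECT sepgsql_getcon();-- client's label must be restored
 sepgsql_getcon
 -----------------------------------------------------
@@ -107,3 +114,4 @@ DROP TABLE IF EXISTS t3 CASCADE;
 DROP FUNCTION IF EXISTS f1() CASCADE;
 DROP FUNCTION IF EXISTS f2() CASCADE;
 DROP FUNCTION IF EXISTS f3() CASCADE;
+DROP FUNCTION IF EXISTS f4() CASCADE;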

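--- a/contrib/sepgsql/hooks.c
+++ b/contrib/sepgsql/hooks.c
@@ -251,6 +251,7 @@ sepgsql_fmgr_hook(FmgrHookEventType event,
 if (!stack)
 {
 MemoryContextoldcxt;
+constchar*cur_label=sepgsql_get_client_label();
 
 oldcxt=MemoryContextSwitchTo(flinfo->fn_mcxt);
 stack=palloc(sizeof(*stack));
@@ -260,6 +261,19 @@ sepgsql_fmgr_hook(FmgrHookEventType event,
 
 MemoryContextSwitchTo(oldcxt);
 
+if (strcmp(cur_label,stack->new_label)!=0)
+{
+/*
+* process:transition permission between old and new
+* label, when user tries to switch security label of
+* the client on execution of trusted procedure.
+*/
+sepgsql_check_perms(cur_label,stack->new_label,
+SEPG_CLASS_PROCESS,
+SEPG_PROCESS__TRANSITION,
+NULL, true);
+}
+
 *private=PointerGetDatum(stack);
 }
 Assert(!stack->old_label);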
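Review bot: The process:transition check is placed inside the `if (!stack)` branch, so it runs only when this call site's state is first built and is skipped on every later call that finds `*private` already set. If the client label or the loaded policy can change while that state is cached (not visible in this hunk), the earlier decision would be reused; either hoist the check out of the branch or add a comment such as `/* checked once per FmgrInfo: client label cannot change while this state is cached */` stating why once is enough. The check is also called with `NULL` as its fifth argument, which presumably leaves the denial's audit record without the procedure's name, and the block allocated by `palloc` just above is not yet stored in `*private` if the check aborts. `sepgsql_fmgr_hook` starts and ends outside the hunk.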

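--- a/contrib/sepgsql/sepgsql-regtest.te
+++ b/contrib/sepgsql/sepgsql-regtest.te
@@ -1,4 +1,8 @@
-policy_module(sepgsql-regtest,1.01)
+policy_module(sepgsql-regtest,1.02)
+
+gen_require(`
+all_userspace_class_perms
+')
 
 ## <desc>
 ## <p>
@@ -8,6 +12,12 @@ policy_module(sepgsql-regtest, 1.01)
 ## </desc>
 gen_tunable(sepgsql_regression_test_mode,false)
 
+#
+# Type definitions for regression test
+#
+type sepgsql_regtest_trusted_proc_exec_t;
+postgresql_procedure_object(sepgsql_regtest_trusted_proc_exec_t)
+
 #
 # Test domains for database administrators
 #
@@ -57,3 +67,19 @@ optional_policy(`
 role unconfined_rtypes sepgsql_regtest_user_t;
 role unconfined_rtypes sepgsql_trusted_proc_t;
 ')
+
+#
+# Rule to check
+#
+optional_policy(`
+# These rules intends sepgsql_regtest_user_t domain to translate
+# sepgsql_regtest_dba_t on execution of procedures labeled as
+# sepgsql_regtest_trusted_proc_exec_t, but does not allow transition
+# permission from sepgsql_regtest_user_t to sepgsql_regtest_dba_t.
+#
+gen_require(`
+attribute sepgsql_client_type;
+')
+allow sepgsql_client_type sepgsql_regtest_trusted_proc_exec_t:db_procedure { getattr execute install };
+type_transition sepgsql_regtest_user_t sepgsql_regtest_trusted_proc_exec_t:process sepgsql_regtest_dba_t;
+')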
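Review bot: The `allow sepgsql_client_type sepgsql_regtest_trusted_proc_exec_t:db_procedure { getattr execute install };` rule in the last hunk grants more than the visible test appears to use: f4 is only created, labelled, called and dropped, so `install` looks unnecessary and `{ getattr execute }` would keep the test policy minimal. The block is wrapped only in `optional_policy`, so unless a condition outside the hunk applies, these rules are active whenever the module is loaded rather than only when `sepgsql_regression_test_mode` is enabled. The heading `# Rule to check` could also say what is being checked, for example `# Rules to test denial of process:transition on a trusted procedure`.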

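--- a/contrib/sepgsql/sql/label.sql
+++ b/contrib/sepgsql/sql/label.sql
@@ -27,6 +27,12 @@ CREATE FUNCTION f3 () RETURNS text
 SECURITY LABELON FUNCTION f3()
 IS'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
 
+CREATEFUNCTIONf4 () RETURNStext
+AS'SELECT sepgsql_getcon()'
+LANGUAGE sql;
+SECURITY LABELON FUNCTION f4()
+IS'system_u:object_r:sepgsql_regtest_trusted_proc_exec_t:s0';
+
 --
 -- Tests for default labeling behavior
 --
@@ -59,6 +65,7 @@ SECURITY LABEL ON COLUMN t2.b
 SELECT f1();-- normal procedure
 SELECT f2();-- trusted procedure
 SELECT f3();-- trusted procedure that raises an error
+SELECT f4();-- failed on domain transition
 SELECT sepgsql_getcon();-- client's label must be restored
 
 --
@@ -71,3 +78,4 @@ DROP TABLE IF EXISTS t3 CASCADE;
 DROPFUNCTION IF EXISTS f1() CASCADE;
 DROPFUNCTION IF EXISTS f2() CASCADE;
 DROPFUNCTION IF EXISTS f3() CASCADE;
+DROPFUNCTION IF EXISTS f4() CASCADE;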
