NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commita2944d8

committed

Fix missed corner cases for grantable permissions on GUCs.

We allow users to set the values of not-yet-loaded extension GUCs,remembering those values in "placeholder" GUC entries. When/ifthe extension is loaded later in the session, we need to verify thatthe user had permissions to set the GUC. That was done correctlybefore commita0ffa88, but as of that commit, we'd check thepermissions of the active role when the LOAD happens, not the rolethat had set the value. (This'd be a security bug if it had made itinto a released version.)In principle this is simple enough to fix: we just need to rememberthe exact role OID that set each GUC value, and use that notGetUserID() when verifying permissions. Maintaining that data inthe guc.c data structures is slightly tedious, but fortunately it'sall basically just copy-n-paste of the logic for tracking theGucSource of each setting, as we were already doing.Another oversight is that validate_option_array_item() hadn'tbeen taught to check for granted GUC privileges. This appearsto manifest only in that ALTER ROLE/DATABASE RESET ALL willfail to reset settings that the user should be allowed to reset.Patch by myself and Nathan Bossart, per report from Nathan Bossart.Back-patch to v15 where the faulty code came in.Discussion:https://postgr.es/m/20220706224727.GA2158260@nathanxps13

1 parent795ccd4 commita2944d8Copy full SHA for a2944d8

File tree

8 files changed

+280

-59

lines changed

src
- backend
  - commands
    - extension.c
  - utils/misc
    - guc.c
- include/utils
  - guc.h
  - guc_tables.h
- pl/plperl
  - expected
    - plperl_init.out
  - sql
    - plperl_init.sql
- test/modules/unsafe_tests
  - expected
    - guc_privs.out
  - sql
    - guc_privs.sql

8 files changed

+280

-59

lines changed

`‎src/backend/commands/extension.c`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -907,6 +907,9 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,`
`907`	`907`	`* We use the equivalent of a function SET option to allow the setting to`
`908`	`908`	`* persist for exactly the duration of the script execution. guc.c also`
`909`	`909`	`* takes care of undoing the setting on error.`
	`910`	`+ *`
	`911`	`+ * log_min_messages can't be set by ordinary users, so for that one we`
	`912`	`+ * pretend to be superuser.`
`910`	`913`	`*/`
`911`	`914`	`save_nestlevel=NewGUCNestLevel();`
`912`	`915`
`@@ -915,9 +918,10 @@ execute_extension_script(Oid extensionOid, ExtensionControlFile *control,`
`915`	`918`	`PGC_USERSET,PGC_S_SESSION,`
`916`	`919`	`GUC_ACTION_SAVE, true,0, false);`
`917`	`920`	`if (log_min_messages<WARNING)`
`918`		`-(void)set_config_option("log_min_messages","warning",`
`919`		`-PGC_SUSET,PGC_S_SESSION,`
`920`		`-GUC_ACTION_SAVE, true,0, false);`
	`921`	`+(void)set_config_option_ext("log_min_messages","warning",`
	`922`	`+PGC_SUSET,PGC_S_SESSION,`
	`923`	`+BOOTSTRAP_SUPERUSERID,`
	`924`	`+GUC_ACTION_SAVE, true,0, false);`
`921`	`925`
`922`	`926`	`/*`
`923`	`927`	`* Similarly disable check_function_bodies, to ensure that SQL functions`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita2944d8

File tree

8 files changed

8 files changed

`‎src/backend/commands/extension.c`

0 commit comments