NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitbebe904

committed

Use @extschema:name@ notation in contrib transform modules.

Harden hstore_plperl, hstore_plpython, and ltree_plpythonagainst search-path-based attacks by using @extschema:name@notation to refer to the underlying hstore or ltree data type.This allows removal of the previous documentation warningsuggesting that they must be installed in the same schema asthe underlying data type. In passing, also improve a para inextend.sgml to suggest using @extschema:name@ for such purposes.Discussion:https://postgr.es/m/692480.1736021695@sss.pgh.pa.us

1 parentebd8fc7 commitbebe904Copy full SHA for bebe904

File tree

7 files changed

+13

-35

lines changed

contrib
- hstore_plperl
  - hstore_plperl--1.0.sql
  - hstore_plperlu--1.0.sql
- hstore_plpython
  - hstore_plpython3u--1.0.sql
- ltree_plpython
  - ltree_plpython3u--1.0.sql
doc/src/sgml

7 files changed

+13

-35

lines changed

`‎contrib/hstore_plperl/hstore_plperl--1.0.sql`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,11 +7,11 @@ CREATE FUNCTION hstore_to_plperl(val internal) RETURNS internal`
`7`	`7`	`LANGUAGE C STRICT IMMUTABLE`
`8`	`8`	`AS'MODULE_PATHNAME';`
`9`	`9`
`10`		`-CREATEFUNCTIONplperl_to_hstore(val internal) RETURNS hstore`
	`10`	`+CREATEFUNCTIONplperl_to_hstore(val internal) RETURNS@extschema:hstore@.hstore`
`11`	`11`	`LANGUAGE C STRICT IMMUTABLE`
`12`	`12`	`AS'MODULE_PATHNAME';`
`13`	`13`
`14`		`-CREATE TRANSFORM FOR hstore LANGUAGE plperl (`
	`14`	`+CREATE TRANSFORM FOR@extschema:hstore@.hstore LANGUAGE plperl (`
`15`	`15`	`FROM SQL WITH FUNCTION hstore_to_plperl(internal),`
`16`	`16`	`TO SQL WITH FUNCTION plperl_to_hstore(internal)`
`17`	`17`	`);`

`‎contrib/hstore_plperl/hstore_plperlu--1.0.sql`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,11 +7,11 @@ CREATE FUNCTION hstore_to_plperlu(val internal) RETURNS internal`
`7`	`7`	`LANGUAGE C STRICT IMMUTABLE`
`8`	`8`	`AS'MODULE_PATHNAME','hstore_to_plperl';`
`9`	`9`
`10`		`-CREATEFUNCTIONplperlu_to_hstore(val internal) RETURNS hstore`
	`10`	`+CREATEFUNCTIONplperlu_to_hstore(val internal) RETURNS@extschema:hstore@.hstore`
`11`	`11`	`LANGUAGE C STRICT IMMUTABLE`
`12`	`12`	`AS'MODULE_PATHNAME','plperl_to_hstore';`
`13`	`13`
`14`		`-CREATE TRANSFORM FOR hstore LANGUAGE plperlu (`
	`14`	`+CREATE TRANSFORM FOR@extschema:hstore@.hstore LANGUAGE plperlu (`
`15`	`15`	`FROM SQL WITH FUNCTION hstore_to_plperlu(internal),`
`16`	`16`	`TO SQL WITH FUNCTION plperlu_to_hstore(internal)`
`17`	`17`	`);`

`‎contrib/hstore_plpython/hstore_plpython3u--1.0.sql`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,13 +7,13 @@ CREATE FUNCTION hstore_to_plpython3(val internal) RETURNS internal`
`7`	`7`	`LANGUAGE C STRICT IMMUTABLE`
`8`	`8`	`AS'MODULE_PATHNAME','hstore_to_plpython';`
`9`	`9`
`10`		`-CREATEFUNCTIONplpython3_to_hstore(val internal) RETURNS hstore`
	`10`	`+CREATEFUNCTIONplpython3_to_hstore(val internal) RETURNS@extschema:hstore@.hstore`
`11`	`11`	`LANGUAGE C STRICT IMMUTABLE`
`12`	`12`	`AS'MODULE_PATHNAME','plpython_to_hstore';`
`13`	`13`
`14`		`-CREATE TRANSFORM FOR hstore LANGUAGE plpython3u (`
	`14`	`+CREATE TRANSFORM FOR@extschema:hstore@.hstore LANGUAGE plpython3u (`
`15`	`15`	`FROM SQL WITH FUNCTION hstore_to_plpython3(internal),`
`16`	`16`	`TO SQL WITH FUNCTION plpython3_to_hstore(internal)`
`17`	`17`	`);`
`18`	`18`
`19`		`-COMMENTON TRANSFORM FOR hstore LANGUAGE plpython3u IS'transform between hstore and Python dict';`
	`19`	`+COMMENTON TRANSFORM FOR@extschema:hstore@.hstore LANGUAGE plpython3u IS'transform between hstore and Python dict';`

`‎contrib/ltree_plpython/ltree_plpython3u--1.0.sql`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,6 @@ CREATE FUNCTION ltree_to_plpython3(val internal) RETURNS internal`
`7`	`7`	`LANGUAGE C STRICT IMMUTABLE`
`8`	`8`	`AS'MODULE_PATHNAME','ltree_to_plpython';`
`9`	`9`
`10`		`-CREATE TRANSFORM FOR ltree LANGUAGE plpython3u (`
	`10`	`+CREATE TRANSFORM FOR@extschema:ltree@.ltree LANGUAGE plpython3u (`
`11`	`11`	`FROM SQL WITH FUNCTION ltree_to_plpython3(internal)`
`12`	`12`	`);`

`‎doc/src/sgml/extend.sgml`

Lines changed: 5 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -1348,15 +1348,11 @@ SELECT * FROM pg_extension_update_paths('<replaceable>extension_name</replaceabl`
`1348`	`1348`	`</para>`
`1349`	`1349`
`1350`	`1350`	`<para>`
`1351`		`- Cross-extension references are extremely difficult to make fully`
`1352`		`- secure, partially because of uncertainty about which schema the other`
`1353`		`- extension is in. The hazards are reduced if both extensions are`
`1354`		`- installed in the same schema, because then a hostile object cannot be`
`1355`		`- placed ahead of the referenced extension in the installation-time`
`1356`		`- <varname>search_path</varname>. However, no mechanism currently exists`
`1357`		`- to require that. For now, best practice is to not mark an extension`
`1358`		`- trusted if it depends on another one, unless that other one is always`
`1359`		`- installed in <literal>pg_catalog</literal>.`
	`1351`	`+ Secure cross-extension references typically require schema-qualification`
	`1352`	`+ of the names of the other extension's objects, using the`
	`1353`	`+ <literal>@extschema:<replaceable>name</replaceable>@</literal>`
	`1354`	`+ syntax, in addition to careful matching of argument types for functions`
	`1355`	`+ and operators.`
`1360`	`1356`	`</para>`
`1361`	`1357`	`</sect3>`
`1362`	`1358`	`</sect2>`

`‎doc/src/sgml/hstore.sgml`

Lines changed: 0 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -946,15 +946,6 @@ ALTER TABLE tablename ALTER hstorecol TYPE hstore USING hstorecol \|\| '';`
`946`	`946`	`extension for PL/Python is called <literal>hstore_plpython3u</literal>.`
`947`	`947`	`If you use it, <type>hstore</type> values are mapped to Python dictionaries.`
`948`	`948`	`</para>`
`949`		`-`
`950`		`- <caution>`
`951`		`- <para>`
`952`		`- It is strongly recommended that the transform extensions be installed in`
`953`		`- the same schema as <filename>hstore</filename>. Otherwise there are`
`954`		`- installation-time security hazards if a transform extension's schema`
`955`		`- contains objects defined by a hostile user.`
`956`		`- </para>`
`957`		`- </caution>`
`958`	`949`	`</sect2>`
`959`	`950`
`960`	`951`	`<sect2 id="hstore-authors">`

`‎doc/src/sgml/ltree.sgml`

Lines changed: 0 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -841,15 +841,6 @@ ltreetest=> SELECT ins_label(path,2,'Space') FROM test WHERE path <@ 'Top.`
`841`	`841`	`creating a function, <type>ltree</type> values are mapped to Python lists.`
`842`	`842`	`(The reverse is currently not supported, however.)`
`843`	`843`	`</para>`
`844`		`-`
`845`		`- <caution>`
`846`		`- <para>`
`847`		`- It is strongly recommended that the transform extension be installed in`
`848`		`- the same schema as <filename>ltree</filename>. Otherwise there are`
`849`		`- installation-time security hazards if a transform extension's schema`
`850`		`- contains objects defined by a hostile user.`
`851`		`- </para>`
`852`		`- </caution>`
`853`	`844`	`</sect2>`
`854`	`845`
`855`	`846`	`<sect2 id="ltree-authors">`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitbebe904

File tree

7 files changed

7 files changed

`‎contrib/hstore_plperl/hstore_plperl--1.0.sql`

`‎contrib/hstore_plperl/hstore_plperlu--1.0.sql`

`‎contrib/hstore_plpython/hstore_plpython3u--1.0.sql`

`‎contrib/ltree_plpython/ltree_plpython3u--1.0.sql`

`‎doc/src/sgml/extend.sgml`

`‎doc/src/sgml/hstore.sgml`

`‎doc/src/sgml/ltree.sgml`

0 commit comments