Permalink
Browse files

Fixed CORE-5657: Various UDF-related security vulnerabilities

  • Loading branch information...
AlexPeshkoff committed Nov 9, 2017
1 parent 820a64e commit b9c17656e91fc488197db4a713314853b6945f07
@@ -113,7 +113,7 @@ copyFiles() {
mkdir $DestDir/UDF
mkdir $DestDir/misc
mkdir $DestDir/misc/upgrade
for i in ib_udf metadata security; do
for i in metadata security; do
mkdir $DestDir/misc/upgrade/$i
done
@@ -184,16 +184,8 @@ copyFiles() {
cp $BuiltFBDir/intl/libfbintl.so $DestDir/intl/fbintl
cp $BuiltFBDir/UDF/ib_udf.so $DestDir/UDF/
cp $BuiltFBDir/UDF/fbudf.so $DestDir/UDF/
# Note that the following items copy files from outside the build tree
# Copy the sql-declarations into the UDF-directory
cp $BuildRootDir/src/extlib/ib_udf.sql $DestDir/UDF/
cp $BuildRootDir/src/extlib/ib_udf2.sql $DestDir/UDF/
cp $BuildRootDir/src/extlib/fbudf/fbudf.sql $DestDir/UDF/
# Copy various documentation
ls $BuildRootDir/doc/*.pdf >/dev/null 2>&1 && cp $BuildRootDir/doc/*.pdf $DestDir/doc
cp $BuildRootDir/doc/sql.extensions/README* $DestDir/doc/sql.extensions
@@ -139,7 +139,7 @@ copyFiles() {
makeDirs "@FB_BINDIR@ @FB_SBINDIR@ @FB_CONFDIR@ @FB_LIBDIR@ @FB_INCDIR@ @FB_DOCDIR@/sql.extensions @FB_UDFDIR@ @FB_SAMPLEDIR@ \
@FB_SAMPLEDBDIR@ @FB_HELPDIR@ @FB_INTLDIR@ @FB_MISCDIR@ @FB_SECDBDIR@ @FB_MSGDIR@ @FB_LOGDIR@ @FB_GUARDDIR@ @FB_PLUGDIR@"
for i in ib_udf metadata security; do
for i in metadata security; do
makeDirs @FB_MISCDIR@/upgrade/$i
done
@@ -263,18 +263,7 @@ copyFiles() {
chmod 0755 ${TargetDir}@FB_INTLDIR@/fbintl
chmod 0644 ${TargetDir}@FB_INTLDIR@/fbintl.conf
#UDF
cp $BuiltFBDir/UDF/ib_udf.so ${TargetDir}@FB_UDFDIR@
cp $BuiltFBDir/UDF/fbudf.so ${TargetDir}@FB_UDFDIR@
# Note that the following items copy files from outside the build tree.
# Copy the sql-declarations into the UDF-directory
cp $BuildRootDir/src/extlib/ib_udf.sql ${TargetDir}@FB_UDFDIR@
cp $BuildRootDir/src/extlib/ib_udf2.sql ${TargetDir}@FB_UDFDIR@
cp $BuildRootDir/src/extlib/fbudf/fbudf.sql ${TargetDir}@FB_UDFDIR@
chown root:wheel ${TargetDir}@FB_UDFDIR@/*.so ${TargetDir}@FB_UDFDIR@/*.sql
chmod 0755 ${TargetDir}@FB_UDFDIR@/*.so
chmod 0644 ${TargetDir}@FB_UDFDIR@/*.sql
#doc
cp $BuildRootDir/doc/README.* ${TargetDir}@FB_DOCDIR@
@@ -262,17 +262,8 @@ copyFiles() {
chmod 0755 ${TargetDir}@FB_INTLDIR@/fbintl
chmod 0644 ${TargetDir}@FB_INTLDIR@/fbintl.conf
#UDF
cp $BuiltFBDir/UDF/ib_udf.so ${TargetDir}@FB_UDFDIR@
cp $BuiltFBDir/UDF/fbudf.so ${TargetDir}@FB_UDFDIR@
# Note that the following items copy files from outside the build tree.
# Copy the sql-declarations into the UDF-directory
cp $BuildRootDir/src/extlib/ib_udf.sql ${TargetDir}@FB_UDFDIR@
cp $BuildRootDir/src/extlib/ib_udf2.sql ${TargetDir}@FB_UDFDIR@
cp $BuildRootDir/src/extlib/fbudf/fbudf.sql ${TargetDir}@FB_UDFDIR@
chmod 0755 ${TargetDir}@FB_UDFDIR@/*.so
chmod 0644 ${TargetDir}@FB_UDFDIR@/*.sql
#doc
cp $BuildRootDir/doc/*.pdf ${TargetDir}@FB_DOCDIR@
@@ -179,12 +179,6 @@ cp -Rf $BuiltFBDir/lib/libfbclient.so* $DestDir/lib || exit
cp -f $BuiltFBDir/lib/libib_util.so $DestDir/lib/libib_util.so || exit
cp $BuiltFBDir/intl/libfbintl.so $DestDir/intl/fbintl || exit
cp $BuiltFBDir/UDF/ib_udf.so $DestDir/UDF/ || exit
cp $BuiltFBDir/UDF/fbudf.so $DestDir/UDF/ || exit
# Copy the sql-declarations into the UDF-directory
cp $BuildRootDir/src/extlib/ib_udf.sql $DestDir/UDF/ || exit
cp $BuildRootDir/src/extlib/fbudf/fbudf.sql $DestDir/UDF/ || exit
# Note that this copies files from outside the build tree.
echo Installing documentation
@@ -287,23 +287,6 @@ if "%PROCESSOR_ARCHITECTURE%"=="x86" (
goto :EOF
)
@echo Copying udf library scripts...
for %%v in ( ib_udf.sql ib_udf2.sql ) do (
@copy /Y %FB_ROOT_PATH%\src\extlib\%%v %FB_OUTPUT_DIR%\udf\%%v > nul
@if %ERRORLEVEL% GEQ 1 (
call :ERROR copy /Y %FB_ROOT_PATH%\src\extlib\%%v %FB_OUTPUT_DIR%\udf\%%v failed with error %ERRORLEVEL%.
goto :EOF
)
)
for %%v in ( fbudf.sql fbudf.txt ) do (
@copy /Y %FB_ROOT_PATH%\src\extlib\fbudf\%%v %FB_OUTPUT_DIR%\UDF\%%v > nul
@if %ERRORLEVEL% GEQ 1 (
call :ERROR copy /Y %FB_ROOT_PATH%\src\extlib\fbudf\%%v %FB_OUTPUT_DIR%\UDF\%%v failed with error %ERRORLEVEL%.
goto :EOF
)
)
:: Various upgrade scripts and docs
mkdir %FB_OUTPUT_DIR%\misc\upgrade\security 2>nul
@copy %FB_ROOT_PATH%\src\misc\upgrade\v3.0\security_* %FB_OUTPUT_DIR%\misc\upgrade\security > nul
@@ -180,12 +180,11 @@
# NOTE: THE EXTERNAL FUNCTION ENGINE FEATURE COULD BE USED TO COMPROMISE
# THE SERVER/HOST AS WELL AS DATABASE SECURITY!!
#
# IT IS STRONGLY RECOMMENDED THAT THIS SETTING BE USED TO LIMIT
# EXTERNAL FUNCTION LOCATIONS!
# IT IS STRONGLY RECOMMENDED THAT THIS SETTING BE SET TO NONE!
#
# Type: string (special format)
#
#UdfAccess = Restrict UDF
#UdfAccess = None
# ----------------------------
View
@@ -396,27 +396,10 @@ msg.timestamp: $(MSG_FILES)
$(TOUCH) $@
.PHONY: udfs ibutil ibudf fbudf udfsupport
.PHONY: ibutil udfsupport
udfsupport:
$(MAKE) ibutil
$(MAKE) udfs
udfs: ibudf fbudf
UDF = $(FB_BUILD)/UDF
IBUDF_SO = $(UDF)/ib_udf.$(SHRLIB_EXT)
FBUDF_SO = $(UDF)/fbudf.$(SHRLIB_EXT)
ibudf: $(IBUDF_SO)
$(IBUDF_SO): $(IBUDF_Objects)
$(call LINK_UDF,ib_udf) -o $@ $^ $(LINK_UDF_LIBS)
fbudf: $(FBUDF_SO)
$(FBUDF_SO): $(FBUDF_Objects) $(COMMON_LIB)
$(call LINK_UDF,fbudf) -o $@ $^ $(LINK_UDF_LIBS) $(FIREBIRD_LIBRARY_LINK)
ibutil: $(LIBIBUTIL_SO)
@@ -425,7 +408,7 @@ $(LIBIBUTIL_SO): $(UTIL_Objects)
#___________________________________________________________________________
# most of utilities, including network server and UDFs
# most of utilities, including network server and UDF support
# qli is not here cause it needs special database (help.fdb), therefore needs gbak
#
@@ -498,20 +481,22 @@ $(NBACKUP): $(NBACKUP_Objects) $(COMMON_LIB)
# plugins - some of them are required to build examples, use separate entry for them
#
.PHONY: udr legacy_user_management legacy_auth_server trace auth_debug
.PHONY: udr legacy_user_management legacy_auth_server trace auth_debug udf_compat
UDR_PLUGIN = $(call makePluginName,udr_engine)
LEGACY_USER_MANAGER = $(call makePluginName,Legacy_UserManager)
LEGACY_AUTH_SERVER = $(call makePluginName,Legacy_Auth)
SRP_USER_MANAGER = $(call makePluginName,Srp)
FBTRACE = $(call makePluginName,fbtrace)
AUTH_DEBUGGER = $(call makePluginName,Auth_Debug)
UDF_BACKWARD_COMPATIBILITY_BASENAME = $(LIB_PREFIX)udf_compat.$(SHRLIB_EXT)
UDF_BACKWARD_COMPATIBILITY = $(PLUGINS)/udr/$(UDF_BACKWARD_COMPATIBILITY_BASENAME)
BUILD_DEBUG:=
ifeq ($(TARGET),Debug)
BUILD_DEBUG:=auth_debug
endif
plugins: udr legacy_user_management legacy_auth_server srp_user_management trace $(BUILD_DEBUG)
plugins: udr legacy_user_management legacy_auth_server srp_user_management trace $(BUILD_DEBUG) udf_compat
udr: $(UDR_PLUGIN) $(PLUGINS)/udr_engine.conf
@@ -546,6 +531,15 @@ srp_user_management: $(SRP_USER_MANAGER)
$(SRP_USER_MANAGER): $(SRP_USERS_MANAGE_Objects) $(COMMON_LIB)
$(LINK_PLUGIN) $(call LIB_LINK_SONAME,$(notdir $@).0) -o $@ $^ $(LINK_PLUG_LIBS) $(FIREBIRD_LIBRARY_LINK)
udf_compat: $(UDF_BACKWARD_COMPATIBILITY) $(COMPAT_SQL)
$(UDF_BACKWARD_COMPATIBILITY): $(COMPAT_Objects)
$(LIB_LINK) $(LIB_LINK_OPTIONS) $(call LIB_LINK_SONAME,$(UDF_BACKWARD_COMPATIBILITY_BASENAME)) \
$(LINK_UDR_PLUGIN_SYMBOLS) $(LIB_PATH_OPTS) $(UNDEF_FLAGS) -o $@ $^ $(THR_LIBS)
$(COMPAT_SQL): $(SRC_COMPAT_SQL)
cp $^ $@
#___________________________________________________________________________
# codes - developers change them sometimes
#
@@ -196,11 +196,14 @@ AllObjects += $(UDRENG_Objects)
# UDF support
IBUDF_Objects:= $(call makeObjects,extlib,ib_udf.cpp)
FBUDF_Objects:= $(call makeObjects,extlib/fbudf,fbudf.cpp)
UTIL_Objects:= $(call makeObjects,extlib,ib_util.cpp)
AllObjects += $(IBUDF_Objects) $(FBUDF_Objects) $(UTIL_Objects)
# UDR backward compatible with distributed UDFs
COMPAT_Objects:= $(call makeObjects,extlib,UdfBackwardCompatibility.cpp)
SRC_COMPAT_SQL:= $(SRC_ROOT)/extlib/UdfBackwardCompatibility.sql
COMPAT_SQL:= $(PLUGINS)/udr/udf_compat.sql
AllObjects += $(UTIL_Objects) $(COMPAT_Objects)
# Regenerate error codes
@@ -96,8 +96,6 @@ darwin_finish_cs_framework:
chmod +x ../builds/install/arch-specific/darwin/changeMultiConnectMode
cp ../builds/install/arch-specific/darwin/changeMultiConnectMode \
$(FB_FW)/Resources/bin/changeMultiConnectMode.sh
cp ../src/extlib/ib_udf.sql $(FB_FW)/Resources/English.lproj/var/UDF
cp ../src/extlib/fbudf/fbudf.sql $(FB_FW)/Resources/English.lproj/var/UDF
cp ../builds/install/arch-specific/darwin/FrameworkInfo.plist \
$(FB_FW)/Resources/Info.plist
cp ../builds/install/arch-specific/darwin/launchd.org.firebird.gds.plist \
@@ -165,8 +163,6 @@ darwin_finish_ss_framework:
cp ../gen/firebird/bin/gdef $(FB_FW)/Resources/bin
cp ../gen/firebird/bin/fbsvcmgr $(FB_FW)/Resources/bin
cp ../gen/firebird/bin/fbtracemgr $(FB_FW)/Resources/bin
cp ../src/extlib/ib_udf.sql $(FB_FW)/Resources/English.lproj/var/UDF
cp ../src/extlib/fbudf/fbudf.sql $(FB_FW)/Resources/English.lproj/var/UDF
cp ../builds/install/arch-specific/darwin/FrameworkInfo.plist \
$(FB_FW)/Resources/Info.plist
cp ../builds/install/arch-specific/darwin/launchdss.org.firebird.gds.plist \
@@ -0,0 +1,32 @@
********************************************************************************
LIST OF KNOWN INCOMPATIBILITIES
between versions 3.0 and 4.0
********************************************************************************
This document describes all the changes that make v4.0 incompatible in any way
as compared with the previous releases and hence could affect your databases and
applications.
Please read the below descriptions carefully before upgrading your software to
the new Firebird version.
Deprecating UDF
--------------------------
* Initial design of UDF always used to be security problem. The most dangerous
security holes when UDFs and external tables are used simultaneousky were
fixed in FB 1.5. But even after it incorrectly declared (using SQL statement
DECLARE EXTERNAL FUNCTION) UDF can easily cause various security issues like
server crash or execution of arbitrary code. Therefore UDFs are deprecated
in v.4. That means that UDFs can't be used with default configuration
(parameter "UdfAccess" set to "None") and all sample UDF libraries (ib_udf,
fbudf) are not distributed any more. Most of functions in that libraries
were replaced with builtin analogs in previous versions and therefore
already deprecated. A few remaining functions got safe replacement in UDR
library "udf_compat", namely div, frac, dow, sdow, getExactTimestampUTC and
isLeapYear. Users who still wish to use UDFs should set "UdfAccess" to
"Restrict <path-list>". If you never used to modify this parameter before
path-list is just UDF and resulting line in firebird.conf should be:
UdfAccess = Restrict UDF
Recommended long-term solution is replacing of UDF with UDR.
@@ -162,8 +162,8 @@ const Config::ConfigEntry Config::entries[MAX_CONFIG_KEY] =
{TYPE_STRING, "RemoteBindAddress", (ConfigValue) 0},
{TYPE_STRING, "ExternalFileAccess", (ConfigValue) "None"}, // location(s) of external files for tables
{TYPE_STRING, "DatabaseAccess", (ConfigValue) "Full"}, // location(s) of databases
#define UDF_DEFAULT_CONFIG_VALUE "Restrict UDF"
{TYPE_STRING, "UdfAccess", (ConfigValue) UDF_DEFAULT_CONFIG_VALUE}, // location(s) of UDFs
#define UDF_DEFAULT_RESTRICT_VALUE "Restrict UDF" // use it to substitute FB_UDFDIR value
{TYPE_STRING, "UdfAccess", (ConfigValue) "None"}, // location(s) of UDFs
{TYPE_STRING, "TempDirectories", (ConfigValue) 0},
#ifdef DEV_BUILD
{TYPE_BOOLEAN, "BugcheckAbort", (ConfigValue) true}, // whether to abort() engine when internal error is found
@@ -595,8 +595,8 @@ const char *Config::getUdfAccess()
}
const char* v = (const char*) getDefaultConfig()->values[KEY_UDF_ACCESS];
if (CASE_SENSITIVITY ? (! strcmp(v, UDF_DEFAULT_CONFIG_VALUE) && FB_UDFDIR[0]) :
(! fb_utils::stricmp(v, UDF_DEFAULT_CONFIG_VALUE) && FB_UDFDIR[0]))
if (CASE_SENSITIVITY ? (! strcmp(v, UDF_DEFAULT_RESTRICT_VALUE) && FB_UDFDIR[0]) :
(! fb_utils::stricmp(v, UDF_DEFAULT_RESTRICT_VALUE) && FB_UDFDIR[0]))
{
udfValue->printf("Restrict %s", FB_UDFDIR);
value = udfValue->c_str();
Oops, something went wrong.

0 comments on commit b9c1765

Please sign in to comment.