For functions declared as SECURITY DEFINER, explicitely set the searc…
…h_path to "pg_catalog,pg_temp". This fixes a security vulnerability that could allow a non-superuser role to acquire more rights. However, the rollback functions are not yet processed because this requires changes in the way the dblink functions are called. This is left for a later commit.
beaud76 committed May 25, 2019
1 parent 2d23f4c commit 346720a
Showing 13 changed files with 1,391 additions and 136 deletions.
1 change: 1 addition & 0 deletions CHANGES.md
@@ -18,6 +18,7 @@ E-Maj - Change log
* Minor coding improvements.

###Bug fixes:###
* Fix a security vulnerability with functions declared as SECURITY DEFINER.
* When checking the emaj_group_def table content, duplicate emaj names
prefix were sometimes erroneously detected.
* Fix the emaj_delete_before_mark_group() function call. In some rare cases,
1,188 changes: 1,173 additions & 15 deletions sql/emaj--3.0.0--devel.sql

Large diffs are not rendered by default.

104 changes: 68 additions & 36 deletions sql/emaj--devel.sql

Large diffs are not rendered by default.

104 changes: 68 additions & 36 deletions sql/emaj-devel.sql

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions test/10/expected/adm2.out
@@ -2609,7 +2609,7 @@ select rlbp_rlbk_id, rlbp_step, rlbp_schema, rlbp_table, rlbp_object, rlbp_targe
10000 | SET_FK_IMM | myschema2 | mytbl4 | mytbl4_col43_fkey | | 1 | 1 | | 4 | 3 |
10000 | SET_FK_IMM | myschema2 | mytbl6 | mytbl6_col61_fkey | | 2 | 1 | | 3 | 3 |
10000 | SET_FK_IMM | myschema2 | mytbl8 | mytbl8_col81_fkey | | 2 | 1 | | 3 | 3 |
10000 | ADD_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 1 | 1 | FOREIGN KEY (col44, col45) REFERENCES mytbl1(col11, col12) ON UPDATE SET NULL ON DELETE CASCADE | 2 | 3 |
10000 | ADD_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 1 | 1 | FOREIGN KEY (col44, col45) REFERENCES myschema2.mytbl1(col11, col12) ON UPDATE SET NULL ON DELETE CASCADE | 2 | 3 |
10000 | CTRL-DBLINK | | | | | | | | 10 | 3 |
10001 | DROP_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 2 | 1 | | | 2 |
10001 | SET_FK_DEF | myschema2 | mytbl6 | mytbl6_col61_fkey | | 1 | 1 | | | 2 |
@@ -2620,7 +2620,7 @@ select rlbp_rlbk_id, rlbp_step, rlbp_schema, rlbp_table, rlbp_object, rlbp_targe
10001 | SET_FK_IMM | myschema2 | mytbl4 | mytbl4_col43_fkey | | 2 | 1 | | 2 | 2 |
10001 | SET_FK_IMM | myschema2 | mytbl6 | mytbl6_col61_fkey | | 1 | 1 | | 3 | 2 |
10001 | SET_FK_IMM | myschema2 | mytbl8 | mytbl8_col81_fkey | | 1 | 1 | | 3 | 2 |
10001 | ADD_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 2 | 1 | FOREIGN KEY (col44, col45) REFERENCES mytbl1(col11, col12) ON UPDATE SET NULL ON DELETE CASCADE | 2 | 1 |
10001 | ADD_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 2 | 1 | FOREIGN KEY (col44, col45) REFERENCES myschema2.mytbl1(col11, col12) ON UPDATE SET NULL ON DELETE CASCADE | 2 | 1 |
10001 | CTRL-DBLINK | | | | | | | | 10 | 2 |
10002 | DIS_LOG_TRG | myschema1 | mytbl1 | | | 1 | 1 | | | 2 |
10002 | DIS_LOG_TRG | myschema1 | mytbl4 | | | 1 | 1 | | | 2 |
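Review bot: Nothing visible in this expected output asserts that the SECURITY DEFINER functions actually carry the pinned search_path. The ADD_FK rows in both hunks only show a side effect: the stored definition changes from `REFERENCES mytbl1(...)` to `REFERENCES myschema2.mytbl1(...)`, presumably because the constraint text is now deparsed under the restricted path. The commit message also says the rollback functions are still unprocessed, so a direct check would keep that gap visible until the follow-up, e.g. a regression query along the lines of `select proname from pg_proc where prosecdef and proconfig is null;` limited to the extension's schema. It is also worth confirming that whatever replays the stored ADD_FK definition accepts the schema-qualified form. The same applies to the identical changes under test/11.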
2 changes: 1 addition & 1 deletion test/10/expected/alter.out
@@ -542,7 +542,7 @@ alter table myschema1.mytbl1_new_name set schema public;
update emaj.emaj_group_def set grpdef_schema = 'public'
where grpdef_schema = 'myschema1' and grpdef_tblseq = 'mytbl1_new_name';
select emaj.emaj_alter_group('myGroup1');
NOTICE: drop cascades to trigger emaj_log_trg on table mytbl1_new_name
NOTICE: drop cascades to trigger emaj_log_trg on table public.mytbl1_new_name
NOTICE: table "mytbl1_new_name_log" does not exist, skipping
NOTICE: trigger "emaj_log_trg" for relation "public.mytbl1_new_name" does not exist, skipping
emaj_alter_group
4 changes: 2 additions & 2 deletions test/11/expected/adm2.out
@@ -2611,7 +2611,7 @@ select rlbp_rlbk_id, rlbp_step, rlbp_schema, rlbp_table, rlbp_object, rlbp_targe
10000 | SET_FK_IMM | myschema2 | mytbl4 | mytbl4_col43_fkey | | 1 | 1 | | 4 | 3 |
10000 | SET_FK_IMM | myschema2 | mytbl6 | mytbl6_col61_fkey | | 2 | 1 | | 3 | 3 |
10000 | SET_FK_IMM | myschema2 | mytbl8 | mytbl8_col81_fkey | | 2 | 1 | | 3 | 3 |
10000 | ADD_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 1 | 1 | FOREIGN KEY (col44, col45) REFERENCES mytbl1(col11, col12) ON UPDATE SET NULL ON DELETE CASCADE | 2 | 3 |
10000 | ADD_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 1 | 1 | FOREIGN KEY (col44, col45) REFERENCES myschema2.mytbl1(col11, col12) ON UPDATE SET NULL ON DELETE CASCADE | 2 | 3 |
10000 | CTRL-DBLINK | | | | | | | | 10 | 3 |
10001 | DROP_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 2 | 1 | | | 2 |
10001 | SET_FK_DEF | myschema2 | mytbl6 | mytbl6_col61_fkey | | 1 | 1 | | | 2 |
@@ -2622,7 +2622,7 @@ select rlbp_rlbk_id, rlbp_step, rlbp_schema, rlbp_table, rlbp_object, rlbp_targe
10001 | SET_FK_IMM | myschema2 | mytbl4 | mytbl4_col43_fkey | | 2 | 1 | | 2 | 2 |
10001 | SET_FK_IMM | myschema2 | mytbl6 | mytbl6_col61_fkey | | 1 | 1 | | 3 | 2 |
10001 | SET_FK_IMM | myschema2 | mytbl8 | mytbl8_col81_fkey | | 1 | 1 | | 3 | 2 |
10001 | ADD_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 2 | 1 | FOREIGN KEY (col44, col45) REFERENCES mytbl1(col11, col12) ON UPDATE SET NULL ON DELETE CASCADE | 2 | 1 |
10001 | ADD_FK | myschema2 | mytbl4 | mytbl4_col44_fkey | | 2 | 1 | FOREIGN KEY (col44, col45) REFERENCES myschema2.mytbl1(col11, col12) ON UPDATE SET NULL ON DELETE CASCADE | 2 | 1 |
10001 | CTRL-DBLINK | | | | | | | | 10 | 2 |
10002 | DIS_LOG_TRG | myschema1 | mytbl1 | | | 1 | 1 | | | 2 |
10002 | DIS_LOG_TRG | myschema1 | mytbl4 | | | 1 | 1 | | | 2 |
2 changes: 1 addition & 1 deletion test/11/expected/alter.out
@@ -542,7 +542,7 @@ alter table myschema1.mytbl1_new_name set schema public;
update emaj.emaj_group_def set grpdef_schema = 'public'
where grpdef_schema = 'myschema1' and grpdef_tblseq = 'mytbl1_new_name';
select emaj.emaj_alter_group('myGroup1');
NOTICE: drop cascades to trigger emaj_log_trg on table mytbl1_new_name
NOTICE: drop cascades to trigger emaj_log_trg on table public.mytbl1_new_name
NOTICE: table "mytbl1_new_name_log" does not exist, skipping
NOTICE: trigger "emaj_log_trg" for relation "public.mytbl1_new_name" does not exist, skipping
emaj_alter_group
