| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: adminpack: Revoke EXECUTE on pg_logfile_rotate() |
| Date: | 2018-05-07 14:12:43 |
| Message-ID: | E1fFgsd-0004rq-T1@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
adminpack: Revoke EXECUTE on pg_logfile_rotate()
In 9.6, we moved a number of functions over to using the GRANT system to
control access instead of having hard-coded superuser checks.
As it turns out, adminpack was creating another function in the catalog
for one of those backend functions where the superuser check was
removed, specifically pg_rotate_logfile(), but it didn't get the memo
about having to REVOKE EXECUTE on the alternative-name function
(pg_logfile_rotate()), meaning that in any installations with adminpack
on 9.6 and higher, any user is able to run the pg_logfile_rotate()
function, which then calls pg_rotate_logfile() and rotates the logfile.
Fix by adding a new version of adminpack (1.1) which handles the REVOKE.
As this function should have only been available to the superuser, this
is a security issue, albeit a minor one.
Security: CVE-2018-1115
Branch
------
REL_10_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/20f01fc45996238f7f1007ba704d30663955150a
Modified Files
--------------
contrib/adminpack/Makefile | 2 +-
contrib/adminpack/adminpack--1.0--1.1.sql | 6 ++++++
contrib/adminpack/adminpack.control | 2 +-
3 files changed, 8 insertions(+), 2 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2018-05-07 14:21:57 | pgsql: doc: Fix minor markup issue |
| Previous Message | Robert Haas | 2018-05-07 13:52:38 | pgsql: Documentation updates for partitioning. |