CVE-2019-10130
This commit is contained in:
gu-gu-gu
parent
b70b954d2c
commit
1a40db6e0a
75
CVE-2019-10130.patch
Normal file
75
CVE-2019-10130.patch
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
From 1aebfbea83c4a3e1a0aba4b0910135dc5a45666c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dean Rasheed <dean.a.rasheed@gmail.com>
|
||||||
|
Date: Mon, 6 May 2019 11:38:43 +0100
|
||||||
|
Subject: [PATCH] Fix security checks for selectivity estimation functions with
|
||||||
|
RLS.
|
||||||
|
|
||||||
|
In commit e2d4ef8de8, security checks were added to prevent
|
||||||
|
user-supplied operators from running over data from pg_statistic
|
||||||
|
unless the user has table or column privileges on the table, or the
|
||||||
|
operator is leakproof. For a table with RLS, however, checking for
|
||||||
|
table or column privileges is insufficient, since that does not
|
||||||
|
guarantee that the user has permission to view all of the column's
|
||||||
|
data.
|
||||||
|
|
||||||
|
Fix this by also checking for securityQuals on the RTE, and insisting
|
||||||
|
that the operator be leakproof if there are any. Thus the
|
||||||
|
leakproofness check will only be skipped if there are no securityQuals
|
||||||
|
and the user has table or column privileges on the table -- i.e., only
|
||||||
|
if we know that the user has access to all the data in the column.
|
||||||
|
|
||||||
|
Back-patch to 9.5 where RLS was added.
|
||||||
|
|
||||||
|
Dean Rasheed, reviewed by Jonathan Katz and Stephen Frost.
|
||||||
|
|
||||||
|
Security: CVE-2019-10130
|
||||||
|
---
|
||||||
|
src/backend/utils/adt/selfuncs.c | 21 +++++++++++++++------
|
||||||
|
src/test/regress/expected/rowsecurity.out | 21 +++++++++++++++++++++
|
||||||
|
src/test/regress/sql/rowsecurity.sql | 20 ++++++++++++++++++++
|
||||||
|
3 files changed, 56 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/backend/utils/adt/selfuncs.c b/src/backend/utils/adt/selfuncs.c
|
||||||
|
index b41991315520..514612857ad6 100644
|
||||||
|
--- a/src/backend/utils/adt/selfuncs.c
|
||||||
|
+++ b/src/backend/utils/adt/selfuncs.c
|
||||||
|
@@ -4597,9 +4597,13 @@ examine_variable(PlannerInfo *root, Node *node, int varRelid,
|
||||||
|
* For simplicity, we insist on the whole
|
||||||
|
* table being selectable, rather than trying
|
||||||
|
* to identify which column(s) the index
|
||||||
|
- * depends on.
|
||||||
|
+ * depends on. Also require all rows to be
|
||||||
|
+ * selectable --- there must be no
|
||||||
|
+ * securityQuals from security barrier views
|
||||||
|
+ * or RLS policies.
|
||||||
|
*/
|
||||||
|
vardata->acl_ok =
|
||||||
|
+ rte->securityQuals == NIL &&
|
||||||
|
(pg_class_aclcheck(rte->relid, GetUserId(),
|
||||||
|
ACL_SELECT) == ACLCHECK_OK);
|
||||||
|
}
|
||||||
|
@@ -4663,12 +4667,17 @@ examine_simple_variable(PlannerInfo *root, Var *var,
|
||||||
|
|
||||||
|
if (HeapTupleIsValid(vardata->statsTuple))
|
||||||
|
{
|
||||||
|
- /* check if user has permission to read this column */
|
||||||
|
+ /*
|
||||||
|
+ * Check if user has permission to read this column. We require
|
||||||
|
+ * all rows to be accessible, so there must be no securityQuals
|
||||||
|
+ * from security barrier views or RLS policies.
|
||||||
|
+ */
|
||||||
|
vardata->acl_ok =
|
||||||
|
- (pg_class_aclcheck(rte->relid, GetUserId(),
|
||||||
|
- ACL_SELECT) == ACLCHECK_OK) ||
|
||||||
|
- (pg_attribute_aclcheck(rte->relid, var->varattno, GetUserId(),
|
||||||
|
- ACL_SELECT) == ACLCHECK_OK);
|
||||||
|
+ rte->securityQuals == NIL &&
|
||||||
|
+ ((pg_class_aclcheck(rte->relid, GetUserId(),
|
||||||
|
+ ACL_SELECT) == ACLCHECK_OK) ||
|
||||||
|
+ (pg_attribute_aclcheck(rte->relid, var->varattno, GetUserId(),
|
||||||
|
+ ACL_SELECT) == ACLCHECK_OK));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.11.0
|
||||||
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
Name: postgresql
|
Name: postgresql
|
||||||
Version: 10.5
|
Version: 10.5
|
||||||
Release: 9
|
Release: 10
|
||||||
Summary: PostgreSQL client programs
|
Summary: PostgreSQL client programs
|
||||||
License: PostgreSQL
|
License: PostgreSQL
|
||||||
URL: http://www.postgresql.org/
|
URL: http://www.postgresql.org/
|
||||||
@ -20,6 +20,7 @@ Patch6000: 6000-CVE-2019-10164-1.patch
|
|||||||
Patch6001: 6001-CVE-2019-10164-2.patch
|
Patch6001: 6001-CVE-2019-10164-2.patch
|
||||||
Patch6002: CVE-2019-10208.patch
|
Patch6002: CVE-2019-10208.patch
|
||||||
Patch6003: CVE-2018-16850.patch
|
Patch6003: CVE-2018-16850.patch
|
||||||
|
Patch6004: CVE-2019-10130.patch
|
||||||
|
|
||||||
BuildRequires: gcc perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk perl(ExtUtils::Embed)
|
BuildRequires: gcc perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk perl(ExtUtils::Embed)
|
||||||
BuildRequires: perl-devel perl-generators readline-devel zlib-devel systemd systemd-devel
|
BuildRequires: perl-devel perl-generators readline-devel zlib-devel systemd systemd-devel
|
||||||
@ -180,6 +181,7 @@ PostgreSQL database management system, including regression tests and benchmarks
|
|||||||
%patch6001 -p1
|
%patch6001 -p1
|
||||||
%patch6002 -p1
|
%patch6002 -p1
|
||||||
%patch6003 -p1
|
%patch6003 -p1
|
||||||
|
%patch6004 -p1
|
||||||
|
|
||||||
tar xfj %{SOURCE1}
|
tar xfj %{SOURCE1}
|
||||||
find . -type f -name .gitignore | xargs rm
|
find . -type f -name .gitignore | xargs rm
|
||||||
@ -534,6 +536,12 @@ make -C postgresql-setup-8.2 check
|
|||||||
%attr(-,postgres,postgres) %{_libdir}/postgresql/test
|
%attr(-,postgres,postgres) %{_libdir}/postgresql/test
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 3 2020 chenli <chenli147@huawei.com> 10.5-10
|
||||||
|
- Type:cve
|
||||||
|
- ID:CVE-2019-10130
|
||||||
|
- SUG: NA
|
||||||
|
- DESC: fix CVE-2019-10130
|
||||||
|
|
||||||
* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 10.5-9
|
* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 10.5-9
|
||||||
- Type:enhancement
|
- Type:enhancement
|
||||||
- ID:NA
|
- ID:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user