openeuler-ci-bot
Gitee
commit
598590a147
42
CVE-2020-1720.patch
Normal file
42
CVE-2020-1720.patch
Normal file
@ -0,0 +1,42 @@
|
||||
From b048f558dd7c26a0c630a2cff29d3d8981eaf6b9 Mon Sep 17 00:00:00 2001
|
||||
From: Alvaro Herrera <alvherre@alvh.no-ip.org>
|
||||
Date: Mon, 10 Feb 2020 11:47:09 -0300
|
||||
Subject: [PATCH] Fix priv checks for ALTER <object> DEPENDS ON EXTENSION
|
||||
|
||||
Marking an object as dependant on an extension did not have any
|
||||
privilege check whatsoever; this allowed any user to mark objects as
|
||||
droppable by anyone able to DROP EXTENSION, which could be used to cause
|
||||
system-wide havoc. Disallow by checking that the calling user owns the
|
||||
mentioned object.
|
||||
|
||||
(No constraints are placed on the extension.)
|
||||
|
||||
Security: CVE-2020-1720
|
||||
Reported-by: Tom Lane
|
||||
Discussion: 31605.1566429043@sss.pgh.pa.us
|
||||
---
|
||||
src/backend/commands/alter.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c
|
||||
index fca85ba2c17f..1cb84182b05f 100644
|
||||
--- a/src/backend/commands/alter.c
|
||||
+++ b/src/backend/commands/alter.c
|
||||
@@ -430,6 +430,17 @@ ExecAlterObjectDependsStmt(AlterObjectDependsStmt *stmt, ObjectAddress *refAddre
|
||||
get_object_address_rv(stmt->objectType, stmt->relation, (List *) stmt->object,
|
||||
&rel, AccessExclusiveLock, false);
|
||||
|
||||
+ /*
|
||||
+ * Verify that the user is entitled to run the command.
|
||||
+ *
|
||||
+ * We don't check any privileges on the extension, because that's not
|
||||
+ * needed. The object owner is stipulating, by running this command, that
|
||||
+ * the extension owner can drop the object whenever they feel like it,
|
||||
+ * which is not considered a problem.
|
||||
+ */
|
||||
+ check_object_ownership(GetUserId(),
|
||||
+ stmt->objectType, address, stmt->object, rel);
|
||||
+
|
||||
/*
|
||||
* If a relation was involved, it would have been opened and locked. We
|
||||
* don't need the relation here, but we'll retain the lock until commit.
|
||||
@ -4,7 +4,7 @@
|
||||
|
||||
Name: postgresql
|
||||
Version: 10.5
|
||||
Release: 14
|
||||
Release: 15
|
||||
Summary: PostgreSQL client programs
|
||||
License: PostgreSQL
|
||||
URL: http://www.postgresql.org/
|
||||
@ -31,6 +31,7 @@ Patch6001: 6001-CVE-2019-10164-2.patch
|
||||
Patch6002: CVE-2019-10208.patch
|
||||
Patch6003: CVE-2018-16850.patch
|
||||
Patch6004: CVE-2019-10130.patch
|
||||
Patch6005: CVE-2020-1720.patch
|
||||
|
||||
BuildRequires: gcc perl(ExtUtils::MakeMaker) glibc-devel bison flex gawk perl(ExtUtils::Embed)
|
||||
BuildRequires: perl-devel perl-generators readline-devel zlib-devel systemd systemd-devel
|
||||
@ -164,6 +165,7 @@ that want to run build-time testsuite against running PostgreSQL server.
|
||||
%patch6002 -p1
|
||||
%patch6003 -p1
|
||||
%patch6004 -p1
|
||||
%patch6005 -p1
|
||||
|
||||
%build
|
||||
if [ x"`id -u`" = x0 ]; then
|
||||
@ -428,6 +430,12 @@ find_lang_bins pltcl.lst pltcl
|
||||
%attr(-,postgres,postgres) %{_libdir}/pgsql/test
|
||||
|
||||
%changelog
|
||||
* Wed May 6 2020 cuibaobao <cuibaobao1@huawei.com> - 10.5-15
|
||||
- Type:cve
|
||||
- ID:CVE-2020-1720
|
||||
- SUG: NA
|
||||
- DESC: fix CVE-2020-1720
|
||||
|
||||
* Tue Apr 08 2020 daiqianwen <daiqianwen@huawei.com> - 10.5-14
|
||||
- Type: enhancement
|
||||
- DESC: add postgresql-test-rpm-macros
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user