Merge pull request #46833 from knz/backport19.2-45712
release-19.2: sql: prevent arbitrary writes to system.comments
knz authored Apr 3, 2020
2 parents a7a80a8 + 1b5d365 commit 9bb5d3c
Showing 14 changed files with 456 additions and 352 deletions.
4 changes: 3 additions & 1 deletion pkg/sql/alter_table.go
@@ -17,6 +17,7 @@ import (
"fmt"

"github.com/cockroachdb/cockroach/pkg/keys"
"github.com/cockroachdb/cockroach/pkg/security"
"github.com/cockroachdb/cockroach/pkg/server/telemetry"
"github.com/cockroachdb/cockroach/pkg/settings/cluster"
"github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgcode"
@@ -1028,10 +1029,11 @@ func injectTableStats(
func (p *planner) removeColumnComment(
ctx context.Context, tableID sqlbase.ID, columnID sqlbase.ColumnID,
) error {
_, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec(
_, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser(
ctx,
"delete-column-comment",
p.txn,
security.RootUser,
"DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=$3",
keys.ColumnCommentType,
tableID,
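Review bot: removeColumnComment carries no visible explanation of why the DELETE on system.comments is issued as `security.RootUser`, and with that argument the statement is not constrained by the session user's own privileges on the system table. Whatever authorizes the caller therefore has to happen before this function is reached, and that code is outside the hunk. I would add a doc comment such as `// removeColumnComment deletes the column's comment as root; the caller must already have verified the session user's privileges on the table.` if one is not already present above the signature, which the hunk does not show. The same applies to removeDbComment in pkg/sql/drop_database.go and removeTableComment in pkg/sql/drop_table.go; the end of this function is also outside the hunk.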
7 changes: 5 additions & 2 deletions pkg/sql/comment_on_column.go
@@ -14,6 +14,7 @@ import (
"context"

"github.com/cockroachdb/cockroach/pkg/keys"
"github.com/cockroachdb/cockroach/pkg/security"
"github.com/cockroachdb/cockroach/pkg/sql/privilege"
"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
)
@@ -49,10 +50,11 @@ func (n *commentOnColumnNode) startExec(params runParams) error {
}

if n.n.Comment != nil {
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec(
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser(
params.ctx,
"set-column-comment",
params.p.Txn(),
security.RootUser,
"UPSERT INTO system.comments VALUES ($1, $2, $3, $4)",
keys.ColumnCommentType,
n.tableDesc.ID,
@@ -62,10 +64,11 @@ func (n *commentOnColumnNode) startExec(params runParams) error {
return err
}
} else {
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec(
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser(
params.ctx,
"delete-column-comment",
params.p.Txn(),
security.RootUser,
"DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=$3",
keys.ColumnCommentType,
n.tableDesc.ID,
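Review bot: Both branches of startExec repeat the same `InternalExecutor.ExecWithUser(..., security.RootUser, ...)` call against system.comments, and the pattern recurs in comment_on_database.go, comment_on_table.go and the remove*Comment functions touched by this commit. Each of these is a root-level write made on behalf of a session that may hold far fewer privileges, so I would route them through one small planner helper, for example `p.execCommentStmtAsRoot(ctx, opName, stmt, args...)` (the name is only a suggestion). That keeps the escalation in a single place that can be audited, and a later call site cannot pick a different user by accident. The privilege check that guards this write is not visible in the hunk; it is worth confirming that it always runs before startExec.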
7 changes: 5 additions & 2 deletions pkg/sql/comment_on_database.go
@@ -14,6 +14,7 @@ import (
"context"

"github.com/cockroachdb/cockroach/pkg/keys"
"github.com/cockroachdb/cockroach/pkg/security"
"github.com/cockroachdb/cockroach/pkg/sql/privilege"
"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
"github.com/cockroachdb/cockroach/pkg/sql/sqlbase"
@@ -44,10 +45,11 @@ func (p *planner) CommentOnDatabase(

func (n *commentOnDatabaseNode) startExec(params runParams) error {
if n.n.Comment != nil {
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec(
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser(
params.ctx,
"set-db-comment",
params.p.Txn(),
security.RootUser,
"UPSERT INTO system.comments VALUES ($1, $2, 0, $3)",
keys.DatabaseCommentType,
n.dbDesc.ID,
@@ -56,10 +58,11 @@ func (n *commentOnDatabaseNode) startExec(params runParams) error {
return err
}
} else {
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec(
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser(
params.ctx,
"delete-db-comment",
params.p.Txn(),
security.RootUser,
"DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=0",
keys.DatabaseCommentType,
n.dbDesc.ID)
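Review bot: The UPSERT in the first branch depends on the column order of system.comments (`VALUES ($1, $2, 0, $3)`), while the DELETE beside it names `type`, `object_id` and `sub_id` explicitly. Because the statement now runs as `security.RootUser` against a system table, a later change to that table's column order would shift values into the wrong columns without any error, so I would name the target columns here as well: `UPSERT INTO system.comments (type, object_id, sub_id, <comment column>) VALUES ($1, $2, 0, $3)`. The fourth column's name is not visible in this diff and needs to be filled in from the table definition. The same positional form appears in comment_on_column.go and comment_on_table.go.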
7 changes: 5 additions & 2 deletions pkg/sql/comment_on_table.go
@@ -14,6 +14,7 @@ import (
"context"

"github.com/cockroachdb/cockroach/pkg/keys"
"github.com/cockroachdb/cockroach/pkg/security"
"github.com/cockroachdb/cockroach/pkg/sql/privilege"
"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
)
@@ -42,10 +43,11 @@ func (p *planner) CommentOnTable(ctx context.Context, n *tree.CommentOnTable) (p

func (n *commentOnTableNode) startExec(params runParams) error {
if n.n.Comment != nil {
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec(
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser(
params.ctx,
"set-table-comment",
params.p.Txn(),
security.RootUser,
"UPSERT INTO system.comments VALUES ($1, $2, 0, $3)",
keys.TableCommentType,
n.tableDesc.ID,
@@ -54,10 +56,11 @@ func (n *commentOnTableNode) startExec(params runParams) error {
return err
}
} else {
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.Exec(
_, err := params.p.extendedEvalCtx.ExecCfg.InternalExecutor.ExecWithUser(
params.ctx,
"delete-table-comment",
params.p.Txn(),
security.RootUser,
"DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=0",
keys.TableCommentType,
n.tableDesc.ID)
4 changes: 3 additions & 1 deletion pkg/sql/drop_database.go
@@ -17,6 +17,7 @@ import (
"github.com/cockroachdb/cockroach/pkg/internal/client"
"github.com/cockroachdb/cockroach/pkg/jobs/jobspb"
"github.com/cockroachdb/cockroach/pkg/keys"
"github.com/cockroachdb/cockroach/pkg/security"
"github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgcode"
"github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgerror"
"github.com/cockroachdb/cockroach/pkg/sql/privilege"
@@ -251,10 +252,11 @@ func (p *planner) accumulateDependentTables(
}

func (p *planner) removeDbComment(ctx context.Context, dbID sqlbase.ID) error {
_, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec(
_, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser(
ctx,
"delete-db-comment",
p.txn,
security.RootUser,
"DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=0",
keys.DatabaseCommentType,
dbID)
7 changes: 5 additions & 2 deletions pkg/sql/drop_table.go
@@ -19,6 +19,7 @@ import (
"github.com/cockroachdb/cockroach/pkg/jobs/jobspb"
"github.com/cockroachdb/cockroach/pkg/keys"
"github.com/cockroachdb/cockroach/pkg/roachpb"
"github.com/cockroachdb/cockroach/pkg/security"
"github.com/cockroachdb/cockroach/pkg/sql/privilege"
"github.com/cockroachdb/cockroach/pkg/sql/sem/tree"
"github.com/cockroachdb/cockroach/pkg/sql/sqlbase"
@@ -569,21 +570,23 @@ func removeMatchingReferences(
func (p *planner) removeTableComment(
ctx context.Context, tableDesc *sqlbase.MutableTableDescriptor,
) error {
_, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec(
_, err := p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser(
ctx,
"delete-table-comment",
p.txn,
security.RootUser,
"DELETE FROM system.comments WHERE type=$1 AND object_id=$2 AND sub_id=0",
keys.TableCommentType,
tableDesc.ID)
if err != nil {
return err
}

_, err = p.ExtendedEvalContext().ExecCfg.InternalExecutor.Exec(
_, err = p.ExtendedEvalContext().ExecCfg.InternalExecutor.ExecWithUser(
ctx,
"delete-comment",
p.txn,
security.RootUser,
"DELETE FROM system.comments WHERE type=$1 AND object_id=$2",
keys.ColumnCommentType,
tableDesc.ID)
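Review bot: In removeTableComment the second call is labelled `"delete-comment"` although it removes every column comment of the table (`type=$1` bound to `keys.ColumnCommentType`, with no `sub_id` filter). With both statements now executed as `security.RootUser`, that label is presumably the main thing that tells them apart in traces and logs, so a name such as `"delete-column-comments"` would make the root-run statement easier to attribute. The error handling after the second call is outside the hunk.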