

PG-417: Replace 'CREATE OR REPLACE' with 'CREATE' for extension.
While analyzing the pg_stat_monitor installation scripts I found several
vulnerabilities. pg_stat_monitor uses CREATE OR REPLACE to install its
functions, which is a security hazard. An attacker can precreate the functions,
have a superuser install the extension, and after installation switch the
function out for a malicious version, since the attacker would still be the
owner of the function. Instead of CREATE OR REPLACE the installation
script should use plain CREATE, which fails on a precreated object and so
prevents this attack.

For reference
https://www.postgresql.org/docs/current/extend-extensions.html#EXTEND-EXTENSIONS-SECURITY
https://github.com/timescale/pgspot
Ibrar Ahmed committed May 22, 2022
1 parent 455d39d commit 1b995c7
Showing 3 changed files with 9 additions and 9 deletions.
6 changes: 3 additions & 3 deletions pg_stat_monitor--1.0.13.sql.in
Expand Up @@ -89,7 +89,7 @@ RETURNS SETOF record
AS 'MODULE_PATHNAME', 'pg_stat_monitor'
LANGUAGE C STRICT VOLATILE PARALLEL SAFE;

CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS
$$
SELECT
CASE
Expand All @@ -102,7 +102,7 @@ SELECT
$$
LANGUAGE SQL PARALLEL SAFE;

CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
$$
SELECT
CASE
Expand Down Expand Up @@ -225,7 +225,7 @@ SELECT
$$
LANGUAGE SQL PARALLEL SAFE;

CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
CREATE FUNCTION histogram(_bucket int, _quryid text)
RETURNS SETOF RECORD AS $$
DECLARE
rec record;
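Review bot: The new `CREATE FUNCTION get_state` and `get_cmd_type` definitions are still `LANGUAGE SQL` with no `SET search_path`, so their bodies are resolved against the caller's search_path at execution time; if a privileged monitoring role calls these (directly or through the extension's view) while a user-writable schema precedes `pg_catalog`, unqualified operators or functions inside the body can be hijacked much like a precreated function. A one-clause change per function closes this, e.g. `LANGUAGE SQL PARALLEL SAFE SET search_path = pg_catalog, pg_temp;`, and pgspot (linked in the commit message) also flags functions lacking an explicit search_path, if I recall its rule list correctly. The same applies to `histogram` at the bottom of the section. All three function definitions are cut at the hunk boundaries, so I cannot confirm from here what their bodies reference.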
6 changes: 3 additions & 3 deletions pg_stat_monitor--1.0.14.sql.in
Expand Up @@ -89,7 +89,7 @@ RETURNS SETOF record
AS 'MODULE_PATHNAME', 'pg_stat_monitor'
LANGUAGE C STRICT VOLATILE PARALLEL SAFE;

CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS
$$
SELECT
CASE
Expand All @@ -102,7 +102,7 @@ SELECT
$$
LANGUAGE SQL PARALLEL SAFE;

CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
$$
SELECT
CASE
Expand Down Expand Up @@ -226,7 +226,7 @@ SELECT
$$
LANGUAGE SQL PARALLEL SAFE;

CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
CREATE FUNCTION histogram(_bucket int, _quryid text)
RETURNS SETOF RECORD AS $$
DECLARE
rec record;
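Review bot: Dropping `OR REPLACE` turns a silently adopted precreated object into a hard install error, so every other object creation in this script and in the `--1.0.13--1.0.14` upgrade script needs the same treatment or the hardening is incomplete; the `CREATE` line for the C function `pg_stat_monitor` sits just above the first hunk (only its `RETURNS SETOF record ... LANGUAGE C` tail is visible as context), and any `CREATE OR REPLACE VIEW` or `CREATE TABLE IF NOT EXISTS` elsewhere in the file is not shown, so I cannot confirm they were converted. Running pgspot in CI against the generated `.sql` files would keep the `OR REPLACE` form from returning in a later version file. The three function definitions in this section all continue past their hunks.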
6 changes: 3 additions & 3 deletions pg_stat_monitor--1.0.sql.in
Expand Up @@ -86,7 +86,7 @@ RETURNS SETOF record
AS 'MODULE_PATHNAME', 'pg_stat_monitor'
LANGUAGE C STRICT VOLATILE PARALLEL SAFE;

CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS
$$
SELECT
CASE
Expand All @@ -99,7 +99,7 @@ SELECT
$$
LANGUAGE SQL PARALLEL SAFE;

CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
$$
SELECT
CASE
Expand Down Expand Up @@ -212,7 +212,7 @@ SELECT
$$
LANGUAGE SQL PARALLEL SAFE;

CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
CREATE FUNCTION histogram(_bucket int, _quryid text)
RETURNS SETOF RECORD AS $$
DECLARE
rec record;
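Review bot: Nothing in the 1.0 script records that plain `CREATE` is deliberate, and the first developer whose test database already holds a stray `get_state` will hit an error and may simply put `OR REPLACE` back. A short comment above the first changed `CREATE FUNCTION`, `-- Plain CREATE on purpose: OR REPLACE would adopt a precreated function and leave its owner free to swap in a malicious body (see extend-extensions-security).`, keeps the rationale next to the code. The `CASE` bodies of `get_state`/`get_cmd_type` and the `histogram` body continue outside the hunks shown, so I cannot comment on their contents.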
