From 1b995c768db73fc8faa5f1e5c6f6b5784849f7b7 Mon Sep 17 00:00:00 2001
From: Ibrar Ahmed <“ibrar.ahmed@percona.com”>
Date: Sun, 22 May 2022 03:49:03 +0000
Subject: [PATCH] PG-417: Replace 'CREATE OR REPLACE' with 'CREATE' for extension.
While analyzing the pg_stat_monitor installation scripts I found several vulnerabilities. pg_stat_monitor uses CREATE OR REPLACE to install its functions which is a security hazard. An attacker can precreate the functions have a superuser install the extension and after installation the attacker can switch out the function with a malicious version since he would still be the owner of the function. Instead of CREATE OR REPLACE the installation script should use plain CREATE to prevent this attack. For reference https://www.postgresql.org/docs/current/extend-extensions.html#EXTEND-EXTENSIONS-SECURITY https://github.com/timescale/pgspot
---
pg_stat_monitor--1.0.13.sql.in | 6 +++---
pg_stat_monitor--1.0.14.sql.in | 6 +++---
pg_stat_monitor--1.0.sql.in | 6 +++---
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/pg_stat_monitor--1.0.13.sql.in b/pg_stat_monitor--1.0.13.sql.in
index 5de6083e9ce4..1ba41ddb399e 100644
--- a/pg_stat_monitor--1.0.13.sql.in
+++ b/pg_stat_monitor--1.0.13.sql.in
@@ -89,7 +89,7 @@ RETURNS SETOF record AS 'MODULE_PATHNAME', 'pg_stat_monitor' LANGUAGE C STRICT VOLATILE PARALLEL SAFE;
-CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
+CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS $$ SELECT CASE
@@ -102,7 +102,7 @@ SELECT $$ LANGUAGE SQL PARALLEL SAFE;
-CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
+CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS $$ SELECT CASE
@@ -225,7 +225,7 @@ SELECT $$ LANGUAGE SQL PARALLEL SAFE;
-CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
+CREATE FUNCTION histogram(_bucket int, _quryid text) RETURNS SETOF RECORD AS $$ DECLARE rec record;
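Review bot: The `+CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS` line only refuses a pre-created function with exactly this signature; a same-named function with a different argument type (say `get_state(int4)`) planted in a schema where unprivileged roles hold CREATE is still accepted, and overload resolution can prefer it for callers that do not pass an int8, so the fix should be paired with installing the extension into a schema those roles cannot write to (or revoking CREATE on `public` on servers before PostgreSQL 15). The reason for plain CREATE is also not recorded in the script, so I would add `-- Plain CREATE, not CREATE OR REPLACE: OR REPLACE would adopt a function an attacker pre-created here and leave them its owner (see extend-extensions-security).` above the statement so the change survives the next edit of this function. The body of get_state continues past the end of the hunk.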
diff --git a/pg_stat_monitor--1.0.14.sql.in b/pg_stat_monitor--1.0.14.sql.in
index 0bbb0cefaedd..d3268268dd13 100644
--- a/pg_stat_monitor--1.0.14.sql.in
+++ b/pg_stat_monitor--1.0.14.sql.in
@@ -89,7 +89,7 @@ RETURNS SETOF record AS 'MODULE_PATHNAME', 'pg_stat_monitor' LANGUAGE C STRICT VOLATILE PARALLEL SAFE;
-CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
+CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS $$ SELECT CASE
@@ -102,7 +102,7 @@ SELECT $$ LANGUAGE SQL PARALLEL SAFE;
-CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
+CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS $$ SELECT CASE
@@ -226,7 +226,7 @@ SELECT $$ LANGUAGE SQL PARALLEL SAFE;
-CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
+CREATE FUNCTION histogram(_bucket int, _quryid text) RETURNS SETOF RECORD AS $$ DECLARE rec record;
diff --git a/pg_stat_monitor--1.0.sql.in b/pg_stat_monitor--1.0.sql.in
index fda49f7cd26f..909100a6ddf1 100644
--- a/pg_stat_monitor--1.0.sql.in
+++ b/pg_stat_monitor--1.0.sql.in
@@ -86,7 +86,7 @@ RETURNS SETOF record AS 'MODULE_PATHNAME', 'pg_stat_monitor' LANGUAGE C STRICT VOLATILE PARALLEL SAFE;
-CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
+CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS $$ SELECT CASE
@@ -99,7 +99,7 @@ SELECT $$ LANGUAGE SQL PARALLEL SAFE;
-CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
+CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS $$ SELECT CASE
@@ -212,7 +212,7 @@ SELECT $$ LANGUAGE SQL PARALLEL SAFE;
-CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
+CREATE FUNCTION histogram(_bucket int, _quryid text) RETURNS SETOF RECORD AS $$ DECLARE rec record;
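Review bot: The intent behind the `+CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS` line is invisible in the script itself, which makes it likely that a later edit of the function body restores OR REPLACE out of habit; a comment such as `-- Must stay plain CREATE: OR REPLACE would silently take over a function an attacker pre-created in this schema, leaving them able to replace its body after installation.` would pin it. Only three statements per script are changed here, so any other `CREATE OR REPLACE` (function or view) elsewhere in pg_stat_monitor--1.0.14.sql.in, or in any version-to-version upgrade script, which this diff does not show, needs the same treatment, and running pgspot (referenced in the commit message) in CI would catch regressions. get_cmd_type's body runs past the end of the hunk.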
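Review bot: With OR REPLACE gone from the `+CREATE FUNCTION histogram(_bucket int, _quryid text)` line in pg_stat_monitor--1.0.sql.in, an attacker-planted `histogram` now makes `CREATE EXTENSION pg_stat_monitor` abort with a "function already exists" error rather than being adopted; that is the intended outcome, but it is also the only signal the installing superuser gets. The install documentation or changelog should say that this error during installation may indicate a pre-planted object, and that the conflicting function's owner (`\df+ histogram` shows it) should be checked before anyone drops it and retries. The rest of histogram's definition, including its body and LANGUAGE clause, lies outside the hunk.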