external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revoke read access to columnar.chunk from unprivileged user (#5313) 

Since this could expose chunk min/max values to unprivileged users.
pull/5310/head
Onur Tirtir 2021-09-22 16:23:02 +03:00 committed by GitHub
parent 8a769ec916
commit 77a2dd68da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 78 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/backend/columnar/sql/columnar--10.2-1--10.2-2.sql Normal file
View File

@ -0,0 +1,5 @@
-- columnar--10.2-1--10.2-2.sql
-- revoke read access for columnar.chunk from unprivileged
-- user as it contains chunk min/max values
REVOKE SELECT ON columnar.chunk FROM PUBLIC;

4
src/backend/columnar/sql/downgrades/columnar--10.2-2--10.2-1.sql Normal file
View File

@ -0,0 +1,4 @@
-- columnar--10.2-2--10.2-1.sql
-- grant read access for columnar.chunk to unprivileged user
GRANT SELECT ON columnar.chunk TO PUBLIC;

2
src/backend/distributed/citus.control
View File

@ -1,6 +1,6 @@
# Citus extension # Citus extension
comment = 'Citus distributed database' comment = 'Citus distributed database'
default_version = '10.2-1' default_version = '10.2-2'
module_pathname = '$libdir/citus' module_pathname = '$libdir/citus'
relocatable = false relocatable = false
schema = pg_catalog schema = pg_catalog

5
src/backend/distributed/sql/citus--10.2-1--10.2-2.sql Normal file
View File

@ -0,0 +1,5 @@
-- citus--10.2-1--10.2-2
-- bump version to 10.2-2
#include "../../columnar/sql/columnar--10.2-1--10.2-2.sql"

3
src/backend/distributed/sql/downgrades/citus--10.2-2--10.2-1.sql Normal file
View File

@ -0,0 +1,3 @@
-- citus--10.2-2--10.2-1
#include "../../../columnar/sql/downgrades/columnar--10.2-2--10.2-1.sql"

16
src/test/regress/expected/multi_extension.out
View File

@ -848,6 +848,22 @@ SELECT * FROM multi_extension.print_extension_changes();
| function worker_nextval(regclass) integer | function worker_nextval(regclass) integer
(16 rows) (16 rows)
-- Test downgrade to 10.2-1 from 10.2-2
ALTER EXTENSION citus UPDATE TO '10.2-2';
ALTER EXTENSION citus UPDATE TO '10.2-1';
-- Should be empty result since upgrade+downgrade should be a no-op
SELECT * FROM multi_extension.print_extension_changes();
previous_object | current_object
---------------------------------------------------------------------
(0 rows)
-- Snapshot of state at 10.2-2
ALTER EXTENSION citus UPDATE TO '10.2-2';
SELECT * FROM multi_extension.print_extension_changes();
previous_object | current_object
---------------------------------------------------------------------
(0 rows)
DROP TABLE multi_extension.prev_objects, multi_extension.extension_diff; DROP TABLE multi_extension.prev_objects, multi_extension.extension_diff;
-- show running version -- show running version
SHOW citus.version; SHOW citus.version;

24
src/test/regress/expected/multi_multiuser.out
View File

@ -265,19 +265,26 @@ SELECT * FROM columnar.stripe;
-- alter a columnar setting -- alter a columnar setting
SET columnar.chunk_group_row_limit = 1050; SET columnar.chunk_group_row_limit = 1050;
DO $proc$
BEGIN
IF substring(current_Setting('server_version'), '\d+')::int >= 12 THEN
EXECUTE $$
-- create columnar table -- create columnar table
CREATE TABLE columnar_table (a int) USING columnar; CREATE TABLE columnar_table (a int) USING columnar;
-- alter a columnar table that is created by that unprivileged user -- alter a columnar table that is created by that unprivileged user
SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 2000); SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 2000);
alter_columnar_table_set
---------------------------------------------------------------------
(1 row)
-- insert some data and read
INSERT INTO columnar_table VALUES (1), (1);
SELECT * FROM columnar_table;
a
---------------------------------------------------------------------
1
1
(2 rows)
-- and drop it -- and drop it
DROP TABLE columnar_table; DROP TABLE columnar_table;
$$;
END IF;
END$proc$;
-- cannot modify columnar metadata table as unprivileged user -- cannot modify columnar metadata table as unprivileged user
INSERT INTO columnar.stripe VALUES(99); INSERT INTO columnar.stripe VALUES(99);
ERROR: permission denied for table stripe ERROR: permission denied for table stripe
@ -286,6 +293,9 @@ ERROR: permission denied for table stripe
-- (since citus extension has a dependency to it) -- (since citus extension has a dependency to it)
DROP TABLE columnar.chunk; DROP TABLE columnar.chunk;
ERROR: must be owner of table chunk ERROR: must be owner of table chunk
-- cannot read columnar.chunk since it could expose chunk min/max values
SELECT * FROM columnar.chunk;
ERROR: permission denied for table chunk
-- test whether a read-only user can read from citus_tables view -- test whether a read-only user can read from citus_tables view
SELECT distribution_column FROM citus_tables WHERE table_name = 'test'::regclass; SELECT distribution_column FROM citus_tables WHERE table_name = 'test'::regclass;
distribution_column distribution_column

10
src/test/regress/sql/multi_extension.sql
View File

@ -346,6 +346,16 @@ SELECT * FROM multi_extension.print_extension_changes();
ALTER EXTENSION citus UPDATE TO '10.2-1'; ALTER EXTENSION citus UPDATE TO '10.2-1';
SELECT * FROM multi_extension.print_extension_changes(); SELECT * FROM multi_extension.print_extension_changes();
-- Test downgrade to 10.2-1 from 10.2-2
ALTER EXTENSION citus UPDATE TO '10.2-2';
ALTER EXTENSION citus UPDATE TO '10.2-1';
-- Should be empty result since upgrade+downgrade should be a no-op
SELECT * FROM multi_extension.print_extension_changes();
-- Snapshot of state at 10.2-2
ALTER EXTENSION citus UPDATE TO '10.2-2';
SELECT * FROM multi_extension.print_extension_changes();
DROP TABLE multi_extension.prev_objects, multi_extension.extension_diff; DROP TABLE multi_extension.prev_objects, multi_extension.extension_diff;
-- show running version -- show running version

12
src/test/regress/sql/multi_multiuser.sql
View File

@ -162,19 +162,15 @@ SELECT * FROM columnar.stripe;
-- alter a columnar setting -- alter a columnar setting
SET columnar.chunk_group_row_limit = 1050; SET columnar.chunk_group_row_limit = 1050;
DO $proc$
BEGIN
IF substring(current_Setting('server_version'), '\d+')::int >= 12 THEN
EXECUTE $$
-- create columnar table -- create columnar table
CREATE TABLE columnar_table (a int) USING columnar; CREATE TABLE columnar_table (a int) USING columnar;
-- alter a columnar table that is created by that unprivileged user -- alter a columnar table that is created by that unprivileged user
SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 2000); SELECT alter_columnar_table_set('columnar_table', chunk_group_row_limit => 2000);
-- insert some data and read
INSERT INTO columnar_table VALUES (1), (1);
SELECT * FROM columnar_table;
-- and drop it -- and drop it
DROP TABLE columnar_table; DROP TABLE columnar_table;
$$;
END IF;
END$proc$;
-- cannot modify columnar metadata table as unprivileged user -- cannot modify columnar metadata table as unprivileged user
INSERT INTO columnar.stripe VALUES(99); INSERT INTO columnar.stripe VALUES(99);
@ -183,6 +179,8 @@ INSERT INTO columnar.stripe VALUES(99);
-- (since citus extension has a dependency to it) -- (since citus extension has a dependency to it)
DROP TABLE columnar.chunk; DROP TABLE columnar.chunk;
-- cannot read columnar.chunk since it could expose chunk min/max values
SELECT * FROM columnar.chunk;
-- test whether a read-only user can read from citus_tables view -- test whether a read-only user can read from citus_tables view
SELECT distribution_column FROM citus_tables WHERE table_name = 'test'::regclass; SELECT distribution_column FROM citus_tables WHERE table_name = 'test'::regclass;