From a59bca088ad1d94397e77c414b1153161b67e0fb Mon Sep 17 00:00:00 2001
From: Ibrar Ahmed <“ibrar.ahmed@percona.com”>
Date: Sun, 22 May 2022 03:44:32 +0000
Subject: [PATCH] PG-417: Replace 'CREATE OR REPLACE' with 'CREATE' for extension.

While analyzing the pg_stat_monitor installation scripts I found several vulnerabilities. pg_stat_monitor uses CREATE OR REPLACE to install its functions which is a security hazard. An attacker can precreate the functions have a superuser install the extension and after installation the attacker can switch out the function with a malicious version since he would still be the owner of the function. Instead of CREATE OR REPLACE the installation script should use plain CREATE to prevent this attack.

For reference
https://www.postgresql.org/docs/current/extend-extensions.html#EXTEND-EXTENSIONS-SECURITY
https://github.com/timescale/pgspot
---
 pg_stat_monitor--1.0.13.sql.in | 6 +++---
 pg_stat_monitor--1.0.14.sql.in | 6 +++---
 pg_stat_monitor--1.0.sql.in | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/pg_stat_monitor--1.0.13.sql.in b/pg_stat_monitor--1.0.13.sql.in
index 5de6083..1ba41dd 100644
--- a/pg_stat_monitor--1.0.13.sql.in
+++ b/pg_stat_monitor--1.0.13.sql.in
@@ -89,7 +89,7 @@ RETURNS SETOF record
 AS 'MODULE_PATHNAME', 'pg_stat_monitor'
 LANGUAGE C STRICT VOLATILE PARALLEL SAFE;
 
-CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
+CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS
 $$
 SELECT
 CASE
@@ -102,7 +102,7 @@ SELECT
 $$ LANGUAGE SQL PARALLEL SAFE;
 
-CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
+CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
 $$
 SELECT
 CASE
@@ -225,7 +225,7 @@ SELECT
 $$ LANGUAGE SQL PARALLEL SAFE;
 
-CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
+CREATE FUNCTION histogram(_bucket int, _quryid text)
 RETURNS SETOF RECORD AS $$
 DECLARE
 rec record;
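Review bot: Plain `CREATE` is the right replacement in all three hunks, but the fix is incomplete unless every other object created by these scripts gets the same treatment: the C function whose tail (`LANGUAGE C STRICT VOLATILE PARALLEL SAFE;`) is the context above `get_state` has its `CREATE` line outside the hunk, and the three-line diffstat per file suggests any remaining `CREATE OR REPLACE` (functions or views) elsewhere in each `*.sql.in` — and in any upgrade scripts the project ships — was not checked. Nothing in the scripts records why `OR REPLACE` is absent, so a later contributor may reintroduce it; a header comment in each changed script, e.g. `-- Plain CREATE, never CREATE OR REPLACE: an extension script must fail if the object already exists instead of adopting a pre-created one (PG-417).`, would document the invariant. The same applies to the identical hunks in pg_stat_monitor--1.0.14.sql.in and pg_stat_monitor--1.0.sql.in. In every file the `histogram` body continues past the end of the hunk.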
diff --git a/pg_stat_monitor--1.0.14.sql.in b/pg_stat_monitor--1.0.14.sql.in
index 0bbb0ce..d326826 100644
--- a/pg_stat_monitor--1.0.14.sql.in
+++ b/pg_stat_monitor--1.0.14.sql.in
@@ -89,7 +89,7 @@ RETURNS SETOF record
 AS 'MODULE_PATHNAME', 'pg_stat_monitor'
 LANGUAGE C STRICT VOLATILE PARALLEL SAFE;
 
-CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
+CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS
 $$
 SELECT
 CASE
@@ -102,7 +102,7 @@ SELECT
 $$ LANGUAGE SQL PARALLEL SAFE;
 
-CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
+CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
 $$
 SELECT
 CASE
@@ -226,7 +226,7 @@ SELECT
 $$ LANGUAGE SQL PARALLEL SAFE;
 
-CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
+CREATE FUNCTION histogram(_bucket int, _quryid text)
 RETURNS SETOF RECORD AS $$
 DECLARE
 rec record;
diff --git a/pg_stat_monitor--1.0.sql.in b/pg_stat_monitor--1.0.sql.in
index fda49f7..909100a 100644
--- a/pg_stat_monitor--1.0.sql.in
+++ b/pg_stat_monitor--1.0.sql.in
@@ -86,7 +86,7 @@ RETURNS SETOF record
 AS 'MODULE_PATHNAME', 'pg_stat_monitor'
 LANGUAGE C STRICT VOLATILE PARALLEL SAFE;
 
-CREATE OR REPLACE FUNCTION get_state(state_code int8) RETURNS TEXT AS
+CREATE FUNCTION get_state(state_code int8) RETURNS TEXT AS
 $$
 SELECT
 CASE
@@ -99,7 +99,7 @@ SELECT
 $$ LANGUAGE SQL PARALLEL SAFE;
 
-CREATE or REPLACE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
+CREATE FUNCTION get_cmd_type (cmd_type INTEGER) RETURNS TEXT AS
 $$
 SELECT
 CASE
@@ -212,7 +212,7 @@ SELECT
 $$ LANGUAGE SQL PARALLEL SAFE;
 
-CREATE OR REPLACE FUNCTION histogram(_bucket int, _quryid text)
+CREATE FUNCTION histogram(_bucket int, _quryid text)
 RETURNS SETOF RECORD AS $$
 DECLARE
 rec record;