Patch based on recent -hackers discussions; it removes usage from public and
adds a note to the documentation about why this is necessary.
--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL
Index: contrib/dblink/dblink.sql.in
===================================================================
RCS file: /projects/cvsroot/pgsql/contrib/dblink/dblink.sql.in,v
retrieving revision 1.11
diff -c -r1.11 dblink.sql.in
*** contrib/dblink/dblink.sql.in 2 Sep 2006 21:11:15 -0000 1.11
--- contrib/dblink/dblink.sql.in 1 Jul 2007 15:34:20 -0000
***************
*** 8,13 ****
--- 8,18 ----
AS 'MODULE_PATHNAME','dblink_connect'
LANGUAGE C STRICT;
+ -- Comment these lines to give access to dblink to all users.
+ -- Please read security note in doc/connection before doing so.
+ REVOKE * ON dblink_connect(text) FROM PUBLIC;
+ REVOKE * ON dblink_connect(text,text) FROM PUBLIC;
+
CREATE OR REPLACE FUNCTION dblink_disconnect ()
RETURNS text
AS 'MODULE_PATHNAME','dblink_disconnect'
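Review bot: the two added REVOKE lines are not valid PostgreSQL syntax. The privilege list for a function is ALL or EXECUTE, not *, and the object must be introduced with the FUNCTION keyword, so they should read `REVOKE ALL ON FUNCTION dblink_connect(text) FROM PUBLIC;` and `REVOKE ALL ON FUNCTION dblink_connect(text,text) FROM PUBLIC;`. As written the install script errors out at this point and the revoke never takes effect. The comment above them ("Comment these lines to give access to dblink to all users") also points admins in the wrong direction: the recommended path is to leave the revoke in place and `GRANT EXECUTE ON FUNCTION dblink_connect(text) TO <role>` for the roles that need it, and the comment should say that instead of suggesting an edit to the install script. Finally, check the other entry points in this file that take a connection string directly rather than a registered connection name (the two-argument dblink(text,text) form and friends); if those stay executable by PUBLIC a user can open a connection without ever calling dblink_connect, and revoking only dblink_connect protects nothing.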
Index: contrib/dblink/doc/connection
===================================================================
RCS file: /projects/cvsroot/pgsql/contrib/dblink/doc/connection,v
retrieving revision 1.4
diff -c -r1.4 connection
*** contrib/dblink/doc/connection 11 Mar 2006 04:38:29 -0000 1.4
--- contrib/dblink/doc/connection 1 Jul 2007 15:34:20 -0000
***************
*** 61,66 ****
--- 61,75 ----
Returns status = "OK"
+ Note
+
+ As a security precaution, dblink revokes access from PUBLIC role usage for
+ the dblink_connect functions. One example attack method is that of
+ remote users using dblink to gain access to accounts that may not
+ require re-authentication from local connections (which dblink provides).
+ Other possible attack vectors are explored in a paper on PostgreSQL security
+ at http://www.leidecker.info/pgshell/Having_Fun_With_PostgreSQL.txt.
+
Example usage
test=# select dblink_disconnect();
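Review bot: the wording of the added note does not make the actual risk clear to an admin reading it. "revokes access from PUBLIC role usage" should be "revokes EXECUTE privilege on the dblink_connect functions from PUBLIC", and the attack description should state the mechanism plainly: dblink_connect opens its outbound connection from the database server process itself, so local pg_hba.conf rules (trust, or ident matching the server's OS user) apply to it, and any user who can call dblink_connect can reconnect as any role, superuser included, without being asked for a password. The note should also tell the admin how to re-enable the feature for trusted users (GRANT EXECUTE on the two dblink_connect signatures to a specific role) rather than leaving them to find the comment in dblink.sql.in, and "Note" should be set off like the other headings in this file so it is not read as part of the "Returns status" line above it.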