Check if schema already exists before create extension [BF-2375]

If the schema aiven_extras already exists and belongs to an unprivileged user before adding the extension, it’s possible to abuse it to run some queries in the context of the superuser. [BF-2375]
aiven · Feb 20, 2024 · e09a20e · e09a20e
1 parent 2ad4fc1
commit e09a20e
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
-short_ver = 1.1.11
-last_ver = 1.1.10
+short_ver = 1.1.12
+last_ver = 1.1.11
 long_ver = $(shell git describe --long 2>/dev/null || echo $(short_ver)-0-unknown-g`git describe --always`)
 generated = aiven_extras.control \
 			sql/aiven_extras--$(short_ver).sql \
@@ -36,6 +36,7 @@ sql/aiven_extras--$(short_ver).sql: sql/aiven_extras.sql
 sql/aiven_extras--$(last_ver)--$(short_ver).sql: sql/aiven_extras.sql
 	mkdir -p $(@D)
 	cp -fp $^ $@
+	sed -i '/CREATE SCHEMA aiven_extras;/d' $@
 
 ifeq ("$(wildcard sql/aiven_extras--*--$(last_ver).sql)","")
 	@echo "ERROR: missing upgrade script to last version (sql/aiven_extras--*--$(last_ver).sql)"

diff --git a/aiven_extras.control.in b/aiven_extras.control.in
@@ -1,5 +1,4 @@
 comment = 'aiven_extras'
 default_version = '__short_ver__'
 relocatable = false
-schema = 'aiven_extras'
 module_pathname = '$libdir/aiven_extras'
diff --git a/sql/aiven_extras--1.1.10--1.1.11.sql b/sql/aiven_extras--1.1.10--1.1.11.sql
@@ -0,0 +1 @@
+-- NOOP
diff --git a/sql/aiven_extras.sql b/sql/aiven_extras.sql
@@ -5,6 +5,7 @@ DECLARE
     old_path pg_catalog.TEXT := pg_catalog.current_setting('search_path');
 BEGIN
 
+CREATE SCHEMA aiven_extras;
 -- for safety, transiently set search_path to just pg_catalog+pg_temp
 PERFORM pg_catalog.set_config('search_path', 'pg_catalog, pg_temp', true);