Skip site navigation (1) Skip section navigation (2)

Bug #428: Another security issue with the JDBC driver.

From: pgsql-bugs(at)postgresql(dot)org
To: pgsql-bugs(at)postgresql(dot)org
Subject: Bug #428: Another security issue with the JDBC driver.
Date: 2001-08-24 17:20:00
Message-ID: 200108241720.f7OHK0G17478@hub.org (view raw, whole thread or download thread mbox)
Thread:
Lists: pgsql-bugspgsql-jdbcpgsql-patches
David Daney (David(dot)Daney(at)avtrex(dot)com) reports a bug with a severity of 3
The lower the number the more severe it is.

Short Description
Another security issue with the JDBC driver.

Long Description
The JDBC driver requires

  permission java.net.SocketPermission "host:port", "connect";

in the policy file of the application using the JDBC driver 
in the postgresql.jar file.  Since the Socket() call in the
driver is not protected by AccessController.doPrivileged() this
permission must also be granted to the entire application.

The attached diff fixes it so that the connect permission can be
restricted just the the postgresql.jar codeBase if desired.

Sample Code
*** PG_Stream.java.orig	Fri Aug 24 09:27:40 2001
--- PG_Stream.java	Fri Aug 24 09:42:14 2001
***************
*** 5,10 ****
--- 5,11 ----
  import java.net.*;
  import java.util.*;
  import java.sql.*;
+ import java.security.*;
  import org.postgresql.*;
  import org.postgresql.core.*;
  import org.postgresql.util.*;
***************
*** 27,32 ****
--- 28,52 ----
      BytePoolDim1 bytePoolDim1 = new BytePoolDim1();
      BytePoolDim2 bytePoolDim2 = new BytePoolDim2();
  
+    private static class PrivilegedSocket
+       implements PrivilegedExceptionAction
+    {
+       private String host;
+       private int port;
+       
+       PrivilegedSocket(String host, int port)
+       {
+          this.host = host;
+          this.port = port;
+       }
+ 
+       public Object run() throws Exception
+       {
+          return new Socket(host, port);
+       }
+    }
+    
+ 
    /**
     * Constructor:  Connect to the PostgreSQL back end and return
     * a stream connection.
***************
*** 37,43 ****
     */
    public PG_Stream(String host, int port) throws IOException
    {
!     connection = new Socket(host, port);
  
      // Submitted by Jason Venner <jason(at)idiom(dot)com> adds a 10x speed
      // improvement on FreeBSD machines (caused by a bug in their TCP Stack)
--- 57,69 ----
     */
    public PG_Stream(String host, int port) throws IOException
    {
!      PrivilegedSocket ps = new PrivilegedSocket(host, port);
!      try {
!         connection = (Socket)AccessController.doPrivileged(ps);
!      }
!      catch(PrivilegedActionException pae){
!         throw (IOException)pae.getException();
!      }
  
      // Submitted by Jason Venner <jason(at)idiom(dot)com> adds a 10x speed
      // improvement on FreeBSD machines (caused by a bug in their TCP Stack)


No file was uploaded with this report


Responses

pgsql-jdbc by date

Next:From: Ned WolpertDate: 2001-08-24 18:12:23
Subject: Re: Re: [JDBC] New backend functions?
Previous:From: Bruce MomjianDate: 2001-08-24 16:50:09
Subject: Re: [PATCHES] patch for JDBC1 build problems

pgsql-bugs by date

Next:From: Tomasz ZielonkaDate: 2001-08-24 17:24:51
Subject: Re: Strange deadlock problem on simple concurrent SELECT/LOCK TABLE transactions
Previous:From: Tomasz ZielonkaDate: 2001-08-24 16:19:57
Subject: Strange deadlock problem on simple concurrent SELECT/LOCK TABLE transactions

pgsql-patches by date

Next:From: Bruce MomjianDate: 2001-08-24 17:35:28
Subject: Re: DROP CONSTRAINT (UNIQUE) preliminary support
Previous:From: Bruce MomjianDate: 2001-08-24 16:53:23
Subject: Re: insert multiple rows attempt two

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group