Re: [BUGS] Bug #428: Another security issue with the JDBC driver.

From: David Daney <ddaney(at)avtrex(dot)com>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org, PostgreSQL jdbc list <pgsql-jdbc(at)postgresql(dot)org>
Subject: Re: [BUGS] Bug #428: Another security issue with the JDBC driver.
Date: 2001-08-24 21:25:44
Message-ID: 3B86C658.7090706@avtrex.com
Lists: pgsql-bugs pgsql-jdbc pgsql-patches

I am sorry to keep going back and forth on this, but:

The original patch is correct and does the proper thing. I should have
tested this before sounding the alarm.

AccessController.doPrivileged() propagates SecurityExceptions without wrapping them in a PrivilegedActionException so it appears that there is not the possibility of a ClassCastException.

David Daney.

Bruce Momjian wrote:

>OK, patch removed from queue.
>
>>It is now unclear to me that the
>>
>>catch(PrivilegedActionException pae)
>>
>>part of the patch is correct. If a SecurityException is thrown in
>>Socket() (as might happen if the policy file did not give the proper
>>permissions), then it might be converted into a ClassCastException,
>>which is probably the wrong thing to do.
>>
>>Perhaps I should look into this a bit further.
>>
>>David Daney.
>>
>>
>>Bruce Momjian wrote:
>>
>>>Your patch has been added to the PostgreSQL unapplied patches list at:
>>>
>>> http://candle.pha.pa.us/cgi-bin/pgpatches
>>>
>>>I will try to apply it within the next 48 hours.
>>>
>>>>David Daney (David(dot)Daney(at)avtrex(dot)com) reports a bug with a severity of 3
>>>>The lower the number the more severe it is.
>>>>
>>>>Short Description
>>>>Another security issue with the JDBC driver.
>>>>
>>>>Long Description
>>>>The JDBC driver requires
>>>>
>>>> permission java.net.SocketPermission "host:port", "connect";
>>>>
>>>>in the policy file of the application using the JDBC driver
>>>>in the postgresql.jar file. Since the Socket() call in the
>>>>driver is not protected by AccessController.doPrivileged() this
>>>>permission must also be granted to the entire application.
>>>>
>>>>The attached diff fixes it so that the connect permission can be
>>>>restricted just to the postgresql.jar codeBase if desired.
>>>>
>>>>Sample Code
>>>>*** PG_Stream.java.orig Fri Aug 24 09:27:40 2001
>>>>--- PG_Stream.java Fri Aug 24 09:42:14 2001
>>>>***************
>>>>*** 5,10 ****
>>>>--- 5,11 ----
>>>> import java.net.*;
>>>> import java.util.*;
>>>> import java.sql.*;
>>>>+ import java.security.*;
>>>> import org.postgresql.*;
>>>> import org.postgresql.core.*;
>>>> import org.postgresql.util.*;
>>>>***************
>>>>*** 27,32 ****
>>>>--- 28,52 ----
>>>> BytePoolDim1 bytePoolDim1 = new BytePoolDim1();
>>>> BytePoolDim2 bytePoolDim2 = new BytePoolDim2();
>>>>
>>>>+ private static class PrivilegedSocket
>>>>+ implements PrivilegedExceptionAction
>>>>+ {
>>>>+ private String host;
>>>>+ private int port;
>>>>+
>>>>+ PrivilegedSocket(String host, int port)
>>>>+ {
>>>>+ this.host = host;
>>>>+ this.port = port;
>>>>+ }
>>>>+
>>>>+ public Object run() throws Exception
>>>>+ {
>>>>+ return new Socket(host, port);
>>>>+ }
>>>>+ }
>>>>+
>>>>+
>>>> /**
>>>> * Constructor: Connect to the PostgreSQL back end and return
>>>> * a stream connection.
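
Review bot: run() in PrivilegedSocket is declared "throws Exception", which is wider than any checked exception new Socket(host, port) can raise, yet the caller's cast to IOException depends on nothing else being thrown. Declaring it as "public Object run() throws IOException" lets the compiler enforce that assumption. The host and port fields are assigned only in the constructor and could be final, and the class needs a short comment saying why the socket is opened inside doPrivileged.
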
>>>>***************
>>>>*** 37,43 ****
>>>> */
>>>> public PG_Stream(String host, int port) throws IOException
>>>> {
>>>>! connection = new Socket(host, port);
>>>>
>>>> // Submitted by Jason Venner <jason(at)idiom(dot)com> adds a 10x speed
>>>> // improvement on FreeBSD machines (caused by a bug in their TCP Stack)
>>>>--- 57,69 ----
>>>> */
>>>> public PG_Stream(String host, int port) throws IOException
>>>> {
>>>>! PrivilegedSocket ps = new PrivilegedSocket(host, port);
>>>>! try {
>>>>! connection = (Socket)AccessController.doPrivileged(ps);
>>>>! }
>>>>! catch(PrivilegedActionException pae){
>>>>! throw (IOException)pae.getException();
>>>>! }
>>>>
>>>> // Submitted by Jason Venner <jason(at)idiom(dot)com> adds a 10x speed
>>>> // improvement on FreeBSD machines (caused by a bug in their TCP Stack)
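
Review bot: the public PG_Stream(String host, int port) constructor now passes its caller's host and port straight into doPrivileged, so any code able to call it connects with the permissions of the postgresql.jar codeBase instead of its own. That is the purpose of the change, but it should be stated in the constructor's comment, and the SocketPermission granted to the jar should name the specific database host:port so the privileged block cannot reach anything else. The cast in "throw (IOException)pae.getException();" also deserves a comment noting that it holds only while run() throws no checked exception other than IOException.
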
>>>>
>>>>
>>>>No file was uploaded with this report
>>>>
>>>>
>>
>
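
The propagation behaviour described in the message above, as an added example that is not part of the original thread or of the PostgreSQL JDBC driver. The class name, the connect helper and the thrown exceptions are constructed stand-ins for the failures of the Socket constructor; AccessController has been deprecated for removal since Java 17, hence the suppressed warnings.

```java
import java.io.IOException;
import java.net.ConnectException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added illustration; class and method names are hypothetical.
public class DoPrivilegedPropagation {

    // Mirrors the patch's catch block: unwrap the cause and cast it to IOException.
    @SuppressWarnings({"deprecation", "removal"})
    static String connect(PrivilegedExceptionAction<Object> action) {
        try {
            try {
                AccessController.doPrivileged(action);
                return "connected";
            } catch (PrivilegedActionException pae) {
                // Only checked exceptions thrown by run() are wrapped and arrive here.
                throw (IOException) pae.getException();
            }
        } catch (IOException e) {
            return "IOException unwrapped from PrivilegedActionException: " + e.getMessage();
        } catch (SecurityException e) {
            // Unchecked, so doPrivileged rethrows it as-is and the cast is never reached.
            return "SecurityException propagated unwrapped: " + e.getMessage();
        } catch (ClassCastException e) {
            return "ClassCastException: run() threw a checked exception that is not an IOException";
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for a network failure in new Socket(host, port).
        System.out.println(connect(() -> { throw new ConnectException("refused"); }));
        // Constructed stand-in for a policy file that lacks the connect permission.
        System.out.println(connect(() -> { throw new SecurityException("connect denied by policy"); }));
        // The only case that breaks the cast: a checked exception outside the IOException tree.
        System.out.println(connect(() -> { throw new Exception("not an IOException"); }));
    }
}
```

The third call shows the one situation in which the cast would fail, which the Socket constructor cannot produce because its checked exceptions are all IOException subclasses.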
