Thread: Bug #428: Another security issue with the JDBC driver.

Bug #428: Another security issue with the JDBC driver.

From: pgsql-bugs@postgresql.org
David Daney (David.Daney@avtrex.com) reports a bug with a severity of 3
The lower the number the more severe it is.

Short Description
Another security issue with the JDBC driver.

Long Description
The JDBC driver requires

  permission java.net.SocketPermission "host:port", "connect";

in the policy file of the application using the JDBC driver
in the postgresql.jar file.  Since the Socket() call in the
driver is not protected by AccessController.doPrivileged() this
permission must also be granted to the entire application.

The attached diff fixes it so that the connect permission can be
restricted just to the postgresql.jar codeBase if desired.

Sample Code
*** PG_Stream.java.orig    Fri Aug 24 09:27:40 2001
--- PG_Stream.java    Fri Aug 24 09:42:14 2001
***************
*** 5,10 ****
--- 5,11 ----
  import java.net.*;
  import java.util.*;
  import java.sql.*;
+ import java.security.*;
  import org.postgresql.*;
  import org.postgresql.core.*;
  import org.postgresql.util.*;
***************
*** 27,32 ****
--- 28,52 ----
      BytePoolDim1 bytePoolDim1 = new BytePoolDim1();
      BytePoolDim2 bytePoolDim2 = new BytePoolDim2();

+    private static class PrivilegedSocket
+       implements PrivilegedExceptionAction
+    {
+       private String host;
+       private int port;
+
+       PrivilegedSocket(String host, int port)
+       {
+          this.host = host;
+          this.port = port;
+       }
+
+       public Object run() throws Exception
+       {
+          return new Socket(host, port);
+       }
+    }
+
+
    /**
     * Constructor:  Connect to the PostgreSQL back end and return
     * a stream connection.
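
Review bot: run() in PrivilegedSocket is declared `throws Exception`, but the only checked exceptions `new Socket(host, port)` can raise are IOExceptions; declaring `public Object run() throws IOException` would let the `(IOException)pae.getException()` cast in the constructor's catch block be justified by the signature instead of by reading the Socket constructor. The host and port fields are assigned once and could be final, and the class deserves a short comment saying it exists so that the connect permission can be granted to the postgresql.jar codeBase alone.
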
***************
*** 37,43 ****
     */
    public PG_Stream(String host, int port) throws IOException
    {
!     connection = new Socket(host, port);

      // Submitted by Jason Venner <jason@idiom.com> adds a 10x speed
      // improvement on FreeBSD machines (caused by a bug in their TCP Stack)
--- 57,69 ----
     */
    public PG_Stream(String host, int port) throws IOException
    {
!      PrivilegedSocket ps = new PrivilegedSocket(host, port);
!      try {
!         connection = (Socket)AccessController.doPrivileged(ps);
!      }
!      catch(PrivilegedActionException pae){
!         throw (IOException)pae.getException();
!      }

      // Submitted by Jason Venner <jason@idiom.com> adds a 10x speed
      // improvement on FreeBSD machines (caused by a bug in their TCP Stack)
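
Review bot: the public PG_Stream(String host, int port) constructor now hands its caller-supplied host and port straight to the privileged action, so any code that can reach this constructor connects with the driver's permissions rather than its own. That is the purpose of the change, but it means the policy grant for postgresql.jar should name the specific database host:port and not a wildcard, and the constructor's comment should say so. The catch block's `throw (IOException)pae.getException();` also needs a one-line comment explaining why the cast cannot fail.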


No file was uploaded with this report

Re: Bug #428: Another security issue with the JDBC driver.

From: Bruce Momjian
Your patch has been added to the PostgreSQL unapplied patches list at:

    http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Re: Bug #428: Another security issue with the JDBC driver.

From: Bruce Momjian
OK, patch removed from queue.

> It is now unclear to me that the
>
> catch(PrivilegedActionException pae)
>
> part of the patch is correct.  If a SecurityException is thrown in
> Socket() (as might happen if the policy file did not give the proper
> permissions), then it might be converted into a ClassCastException,
> which is probably the wrong thing to do.
>
> Perhaps I should look into this a bit further.
>
> David Daney.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Re: Bug #428: Another security issue with the JDBC driver.

From: Bruce Momjian
OK, re-added.

> I am sorry to keep going back and forth on this, but:
>
> The original patch is correct and does the proper thing.  I should have
> tested this before sounding the alarm.
>
> AccessController.doPrivileged()
>
> Propagates SecurityExceptions without wrapping them in a PrivilegedActionException so it appears that there is not
> the possibility of a ClassCastException.
>
> David Daney.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
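
The exception behaviour discussed in the message above can be checked without a policy file or a security manager. This is an added example, not code from the thread or from the driver; the class name `DoPrivilegedExceptions`, the `connect` helper and the three constructed actions are assumptions standing in for `new Socket(host, port)` failing in different ways.

```java
import java.io.IOException;
import java.net.UnknownHostException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added illustration, not driver code. Each action passed to connect()
// stands in for "new Socket(host, port)" failing in one particular way.
public class DoPrivilegedExceptions {

    // Mirrors the catch block in the patch: unwrap and cast to IOException.
    @SuppressWarnings("removal") // AccessController is deprecated in newer JDKs
    static String connect(PrivilegedExceptionAction<Object> action) {
        try {
            try {
                AccessController.doPrivileged(action);
                return "connected";
            } catch (PrivilegedActionException pae) {
                // Reached only for checked exceptions thrown by run().
                throw (IOException) pae.getException();
            }
        } catch (IOException e) {
            return "IOException: " + e.getMessage();
        } catch (SecurityException e) {
            return "SecurityException (not wrapped): " + e.getMessage();
        } catch (ClassCastException e) {
            return "ClassCastException: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Checked failure, e.g. the host name does not resolve (constructed).
        System.out.println(connect(() -> {
            throw new UnknownHostException("db.example.invalid");
        }));
        // Unchecked failure, e.g. the policy denies connect (constructed).
        System.out.println(connect(() -> {
            throw new SecurityException("connect denied");
        }));
        // A checked exception that is not an IOException is the one case
        // where the cast fails; Socket(String, int) declares none.
        System.out.println(connect(() -> {
            throw new Exception("not an IOException");
        }));
    }
}
```

The third case shows what the cast depends on: it is safe only while `run()` throws no checked exception other than `IOException`.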

Re: Bug #428: Another security issue with the JDBC driver.

From: Bruce Momjian
Patch applied.  Thanks.

> I am sorry to keep going back and forth on this, but:
>
> The original patch is correct and does the proper thing.  I should have
> tested this before sounding the alarm.
>
> AccessController.doPrivileged()
>
> Propagates SecurityExceptions without wrapping them in a PrivilegedActionException so it appears that there is not
> the possibility of a ClassCastException.
>
> David Daney.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026