aiven-pg-security's Introduction

Aiven PG Security Utility

Adds utility functions to harden PostgreSQL® through shared libraries and hooks.

See our blog post about aiven-gatekeeper and PostgreSQL extension security: Aiven's Blog.

Overview

The Aiven Security Agent for PostgreSQL (aiven-gatekeeper) allows controlling which privileged functions are exposed and prevents their abuse in common privilege escalation attacks.

Features

Prevents common privilege escalation attacks, primarily at the time of extension creation. Limits access to sensitive features and functions within PostgreSQL and complements the existing grants and superuser checks.

For detailed features and how they work, visit the documentation.

Security

An independent, external code audit was performed and the results are available in the docs directory:

To report any possible vulnerabilities or other serious issues please see our security policy.

Setup

Build and install the add-on:

$ make
$ cp aiven_gatekeeper.so $postgres_lib/

# or make and install
$ make install

Configure PostgreSQL to use the library:

# edit your postgresql.conf and load the library
shared_preload_libraries = 'aiven_gatekeeper'

# restart postgresql
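
A check that the setting above is still the effective one, as an added example that is not part of the project: when `shared_preload_libraries` appears more than once in `postgresql.conf`, the last assignment wins, so a later line can silently drop the library. The function names `effective_preload` and `gatekeeper_enabled` and the sample file are constructed for illustration; the check assumes a lowercase parameter name and does not follow include directives.

```shell
#!/bin/sh
# Added example (not project code): is aiven_gatekeeper in the effective
# shared_preload_libraries value of a postgresql.conf file?

# Print the effective value; when a parameter repeats, the last one wins.
effective_preload() {
    awk -v q="'" '
        /^[ \t]*shared_preload_libraries[ \t]*(=|[ \t])/ {
            v = $0
            sub(/^[ \t]*shared_preload_libraries[ \t]*=?[ \t]*/, "", v)
            if (substr(v, 1, 1) == q) {      # quoted: keep text up to closing quote
                v = substr(v, 2); i = index(v, q)
                if (i) v = substr(v, 1, i - 1)
            } else {                         # unquoted: drop trailing comment and blanks
                sub(/[ \t]*#.*/, "", v); sub(/[ \t]+$/, "", v)
            }
            last = v; seen = 1
        }
        END { if (seen) print last }
    ' "$1"
}

# Succeed only if aiven_gatekeeper is one entry of that comma-separated list.
gatekeeper_enabled() {
    effective_preload "$1" | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//' |
        grep -qx 'aiven_gatekeeper'
}

# Constructed sample: a later assignment replaces the hardened value.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample postgresql.conf
shared_preload_libraries = 'aiven_gatekeeper'   # hardening
#shared_preload_libraries = ''
shared_preload_libraries = 'pg_stat_statements'
EOF
if gatekeeper_enabled "$demo_conf"; then
    echo "aiven_gatekeeper is preloaded"
else
    echo "aiven_gatekeeper missing; effective value: $(effective_preload "$demo_conf")"
fi
rm -f "$demo_conf"
```

On a running server, `SHOW shared_preload_libraries;` in psql reports the value actually in effect, which also covers include files and `ALTER SYSTEM` settings that this file-level check does not read.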

License

Aiven PostgreSQL Security is licensed under the PostgreSQL license. Full license text is available in the LICENSE file.

Please note that the project explicitly does not require a CLA (Contributor License Agreement) from its contributors.

Contact

Bug reports and patches are very welcome; please post them as GitHub issues and pull requests at https://github.com/aiven/aiven-pg-security. To report any possible vulnerabilities or other serious issues, please see our security policy.

Trademarks

The terms Postgres and PostgreSQL are registered trademarks of the PostgreSQL Community Association of Canada.

aiven-pg-security's People

Contributors

alexole, docemmetbrown, jlprat, kmichel-aiven, mble, packi, staaldraad, tkren

aiven-pg-security's Issues

Compile warning: ISO C90 forbids mixed declarations and code

This pops up when building on a GitHub runner, which should be simple to fix.

src/aiven_gatekeeper.c: In function ‘gatekeeper_checks’:
src/aiven_gatekeeper.c:167:5: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
  167 |     Node *stmt = pstmt->utilityStmt;
      |     ^~~~

ERROR: extension "aiven_gatekeeper" has no installation script nor update path for version "1.0.0"

I get an error when trying to create an extension.

build:

root@739f9b5c5432:~#   cd /tmp && git clone --branch v1.0.4 --single-branch https://github.com/aiven/aiven-pg-security.git   && cd aiven-pg-security && make install
Cloning into 'aiven-pg-security'...
remote: Enumerating objects: 247, done.
remote: Counting objects: 100% (35/35), done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 247 (delta 27), reused 25 (delta 25), pack-reused 212
Receiving objects: 100% (247/247), 568.69 KiB | 56.87 MiB/s, done.
Resolving deltas: 100% (116/116), done.
Note: switching to '3107f450ee765515a8a19c78e4f3125ce6ab1f36'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c <new-branch-name>

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Werror=vla -Wendif-labels -Wmissing-format-attribute -Wimplicit-fallthrough=3 -Wcast-function-type -Wformat-security -fno-strict-aliasing -fwrapv -fexcess-precision=standard -Wno-format-truncation -Wno-stringop-truncation -g -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fno-omit-frame-pointer -fPIC -I. -I./ -I/usr/include/postgresql/15/server -I/usr/include/postgresql/internal  -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -I/usr/include/libxml2   -c -o src/aiven_gatekeeper.o src/aiven_gatekeeper.c
gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Werror=vla -Wendif-labels -Wmissing-format-attribute -Wimplicit-fallthrough=3 -Wcast-function-type -Wformat-security -fno-strict-aliasing -fwrapv -fexcess-precision=standard -Wno-format-truncation -Wno-stringop-truncation -g -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fno-omit-frame-pointer -fPIC -shared -o aiven_gatekeeper.so src/aiven_gatekeeper.o -L/usr/lib/x86_64-linux-gnu  -Wl,-z,relro -Wl,-z,now -L/usr/lib/llvm-11/lib  -Wl,--as-needed  
/usr/bin/clang-11 -Wno-ignored-attributes -fno-strict-aliasing -fwrapv -Wno-unused-command-line-argument -O2  -I. -I./ -I/usr/include/postgresql/15/server -I/usr/include/postgresql/internal  -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -I/usr/include/libxml2  -flto=thin -emit-llvm -c -o src/aiven_gatekeeper.bc src/aiven_gatekeeper.c
/bin/mkdir -p '/usr/lib/postgresql/15/lib'
/bin/mkdir -p '/usr/share/postgresql/15/extension'
/usr/bin/install -c -m 755  aiven_gatekeeper.so '/usr/lib/postgresql/15/lib/aiven_gatekeeper.so'
/usr/bin/install -c -m 644 .//aiven_gatekeeper.control '/usr/share/postgresql/15/extension/'
/bin/mkdir -p '/usr/lib/postgresql/15/lib/bitcode/aiven_gatekeeper'
/bin/mkdir -p '/usr/lib/postgresql/15/lib/bitcode'/aiven_gatekeeper/src/
/usr/bin/install -c -m 644 src/aiven_gatekeeper.bc '/usr/lib/postgresql/15/lib/bitcode'/aiven_gatekeeper/src/
cd '/usr/lib/postgresql/15/lib/bitcode' && /usr/lib/llvm-11/bin/llvm-lto -thinlto -thinlto-action=thinlink -o aiven_gatekeeper.index.bc aiven_gatekeeper/src/aiven_gatekeeper.bc

create extension:

root@739f9b5c5432:/tmp/aiven-pg-security# psql -U postgres
psql (15.2 (Debian 15.2-1.pgdg110+1))
Type "help" for help.

postgres=# create extension aiven_gatekeeper;
ERROR:  extension "aiven_gatekeeper" has no installation script nor update path for version "1.0.0"

postgres=# select * from pg_available_extension_versions where name = 'aiven_gatekeeper' order by version desc;
 name | version | installed | superuser | trusted | relocatable | schema | requires | comment 
------+---------+-----------+-----------+---------+-------------+--------+----------+---------
(0 rows)

postgres=# select * from pg_available_extensions where name = 'aiven_gatekeeper';
       name       | default_version | installed_version |             comment             
------------------+-----------------+-------------------+---------------------------------
 aiven_gatekeeper | 1.0.0           |                   | Aiven standard security library
(1 row)

Add benchmarking and accompanying documentation

What is currently missing?

Benchmarking

How could this be improved?

Should create proper benchmarking, but just a quick run with pgbench defaults shows no impact:

OFF

[postgres@fedora ~]$ pgbench -c 10 -j 2 -t 10000
pgbench (14.1)
starting vacuum...end.
transaction type: <builtin: TPC-B (sort of)>
scaling factor: 50
query mode: simple
number of clients: 10
number of threads: 2
number of transactions per client: 10000
number of transactions actually processed: 100000/100000
latency average = 10.176 ms
initial connection time = 7.813 ms
tps = 982.682385 (without initial connection time)

ON

[postgres@fedora ~]$ pgbench -c 10 -j 2 -t 10000
pgbench (14.1)
starting vacuum...end.
transaction type: <builtin: TPC-B (sort of)>
scaling factor: 50
query mode: simple
number of clients: 10
number of threads: 2
number of transactions per client: 10000
number of transactions actually processed: 100000/100000
latency average = 9.176 ms
initial connection time = 7.435 ms
tps = 1089.844147 (without initial connection time)

Is this a feature you would work on yourself?

  • I plan to open a pull request for this feature
