Home > mailing lists

Re: Should creating a new base type require superuser status? - Mailing list pgsql-hackers

From	Alvaro Herrera
Subject	Re: Should creating a new base type require superuser status?
Date	July 30, 2008 22:08:03
Msg-id	20080730220753.GG3977@alvh.no-ip.org Whole thread Raw
In response to	Should creating a new base type require superuser status? (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Should creating a new base type require superuser status? (Andrew Sullivan <ajs@commandprompt.com>) Re: Should creating a new base type require superuser status? (Kris Jurka <books@ejurka.com>)
List	pgsql-hackers

Tree view

Tom Lane wrote:

> If you're not clear on why CREATE TYPE in the hands of a bad guy is
> dangerous, here are a couple of reasons:
> 
> * By specifying type representation details (len/byval/align) that are
> different from what the type's functions expect, you could trivially
> crash the backend, and less trivially use a pass-by-reference I/O
> function to read out the contents of backend memory.

I think being able to return cstring from a user defined function is
quite dangerous already.  I doubt we would ever give that capability to
non-superusers.

I do agree that creating base types should require a superuser though.
It too seems dangerous just on principle, even if today there's no
actual hole (that we already know of).

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

pgsql-hackers by date:

From: Gregory Stark
Date: 30 July 2008, 22:01:14
Subject: Re: Should creating a new base type require superuser status?

From: Tom Lane
Date: 30 July 2008, 22:13:17
Subject: Re: Should creating a new base type require superuser status?

Re: Should creating a new base type require superuser status? - Mailing list pgsql-hackers

Previous

Next