Home > mailing lists

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
Date	July 25, 2022 17:32:42
Msg-id	2015981.1658759562@sss.pgh.pa.us Whole thread Raw
In response to	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS (Nathan Bossart <nathandbossart@gmail.com>)
Responses	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
List	pgsql-hackers

Tree view

Nathan Bossart <nathandbossart@gmail.com> writes:
> Given all this, I think I'm inclined for the new argument.

Pushed like that then (after a bit more fooling with the comments).

I haven't done anything about a test case.  We can't rely on plperl
getting built, and even if we could, it doesn't have any TAP-style
tests so it'd be hard to get it to test this scenario.  However,
I do see that we're not testing session_preload_libraries anywhere,
which seems bad.  I wonder if it'd be a good idea to convert
auto_explain's TAP test to load auto_explain via session_preload_libraries
instead of shared_preload_libraries, and then pass in the settings for
each test via PGOPTIONS instead of constantly rewriting postgresql.conf.

            regards, tom lane

pgsql-hackers by date:

From: Jack Christensen
Date: 25 July 2022, 17:07:25
Subject: Re: Proposal to provide the facility to set binary format output for specific OID's per session

From: Thomas Munro
Date: 25 July 2022, 17:35:35
Subject: Re: Cleaning up historical portability baggage

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS - Mailing list pgsql-hackers

Previous

Next