Jeff Janes wrote:
> On Tue, Sep 20, 2016 at 12:19 AM, Michael Paquier <michael.paquier@gmail.com
> > wrote:
>
> >
> > Note: the patch checks if a superuser is calling the new functions,
> > which is a good thing.
> >
>
> If we only have the bytea functions and the user needs to supply the raw
> pages themselves, rather than having the function go get the raw page for
> you, is there any reason to restrict the interpretation function to super
> users? I guess if we don't trust the C coded functions not to dereference
> bogus data in harmful ways?
Yeah, it'd likely be simple to manufacture a fake page that causes the
server to misbehave resulting in a security leak or at least DoS.
--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
