Re: [GENERAL] Security implications of (plpgsql) functions - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [GENERAL] Security implications of (plpgsql) functions
Date
Msg-id 25182.1035218681@sss.pgh.pa.us
In response to Re: [GENERAL] Security implications of (plpgsql) functions  (Joe Conway <mail@joeconway.com>)
Responses Re: [GENERAL] Security implications of (plpgsql) functions  (Robert Treat <xzilla@users.sourceforge.net>)
List pgsql-hackers
Joe Conway <mail@joeconway.com> writes:
> Is there any way to recognize infinite recursion by analyzing the saved 
> execution tree -- i.e. can we assume that a function that calls itself, with 
> the same arguments with which it was called, constitutes infinite recursion?

A bulletproof solution would be equivalent to solving the halting
problem, I believe.  The test you mentioned is easily defeated by
recursing between two functions.  Also, a would-be instigator of
DOS doesn't need *infinite* recursion; it could be quite finite and
still blow out your stack.  For example ask for factorial(10million)
where factorial is defined in the traditional recursive way...
        regards, tom lane
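
The two counterexamples in the message above, as an added example (not code from the message or from PostgreSQL): a toy model of nested calls, where the proposed same-call test catches only direct self-recursion with identical arguments. The function names in `FUNCS` and the fixed `max_depth` guard are assumptions made for the illustration; the guard is included only for contrast with the proposed test.

```python
# Added illustration: a toy call-chain model, not PostgreSQL code.
# Each "function" maps its argument to the nested call it makes,
# or to None when it reaches its base case and returns.
FUNCS = {
    "self_loop": lambda n: ("self_loop", n),   # calls itself, same argument
    "ping":      lambda n: ("pong", n),        # recursion between two functions
    "pong":      lambda n: ("ping", n),
    "factorial": lambda n: ("factorial", n - 1) if n > 1 else None,
}


def same_call_check(caller, callee):
    """The proposed test: a function calling itself with the same arguments."""
    return caller == callee


def run(name, arg, max_depth=1000):
    """Follow the chain of nested calls and report what stopped it.

    Returns (verdict, depth), where depth is the number of frames that
    were on the simulated stack when the chain ended.
    max_depth is a hypothetical guard added for this example.
    """
    frame, depth = (name, arg), 1
    while True:
        callee = FUNCS[frame[0]](frame[1])
        if callee is None:
            return ("returned", depth)          # base case, stack unwinds
        if same_call_check(frame, callee):
            return ("same-call check", depth)   # caught by the proposed test
        if depth >= max_depth:
            return ("depth limit", depth)       # caught only by the depth guard
        frame, depth = callee, depth + 1


if __name__ == "__main__":
    for name, arg in [("self_loop", 5), ("ping", 5),
                      ("factorial", 10), ("factorial", 10_000_000)]:
        print(name, arg, run(name, arg))
```
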

