Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers) - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
Date
Msg-id CA+TgmobU=g370Rr8VnCC2bnx++uGmDftuhtEs7ETnyDTsLoZrw@mail.gmail.com
In response to Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)  (Noah Misch <noah@leadboat.com>)
Responses Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Tue, Jun 12, 2012 at 11:31 AM, Noah Misch <noah@leadboat.com> wrote:
>> > Here's a patch implementing that restriction.  To clarify, I see no need to
>> > repeat *all* the CREATE-time checks; for example, there's no need to recheck
>> > permission to use the return type.  The language usage check is enough.
>>
>> This seems bizarre and largely unnecessary.  As you stated to begin
>> with, granting ownership of a function implies some degree of trust.
>
> Yes, but I would never expect that level of trust to include access to crash
> the server as a consequence of the function's reliance on STRICT.

+1.  Crashes are bad.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
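The crash scenario behind this thread is a function in an untrusted language (such as C) that was written on the assumption that STRICT keeps NULL arguments away from it; if its non-superuser owner runs ALTER FUNCTION ... CALLED ON NULL INPUT, the function starts receiving NULLs it never checks for. An administrator auditing for that exposure can list the functions whose safety currently depends on the STRICT flag. The query below is an added example, not code from this thread or from the patch under discussion; it assumes the standard catalog columns pg_proc.proisstrict, pg_proc.prolang, pg_proc.proowner, pg_language.lanpltrusted and pg_roles.rolsuper.

```sql
-- Added example: list STRICT functions implemented in untrusted languages
-- (e.g. C, internal) that are owned by a non-superuser. These are the
-- functions whose owner could, before the proposed restriction, drop the
-- STRICT protection with ALTER FUNCTION ... CALLED ON NULL INPUT.
SELECT n.nspname  AS schema,
       p.proname  AS function,
       l.lanname  AS language,
       r.rolname  AS owner
FROM   pg_proc      p
JOIN   pg_language  l ON l.oid = p.prolang
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_roles     r ON r.oid = p.proowner
WHERE  p.proisstrict            -- relies on STRICT to filter NULL arguments
  AND  NOT l.lanpltrusted       -- untrusted language: a NULL Datum can crash the backend
  AND  NOT r.rolsuper           -- owner could not otherwise do superuser-level damage
ORDER  BY 1, 2;

-- For any function the audit flags, the defensive options are to move
-- ownership back to a superuser, or to make the function itself tolerate
-- NULL arguments (checking PG_ARGISNULL in C) so that STRICT is a
-- convenience rather than a safety requirement.
```

Run the query as a superuser so that pg_proc is fully visible; a non-empty result is not itself a problem, but each row names a function whose owner should be trusted with the language it is written in.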

