Re: Potential security risk associated with function call - Mailing list pgsql-hackers

From Kirill Reshke
Subject Re: Potential security risk associated with function call
Date
Msg-id CALdSSPj7yhwWu1PVZaHBNjiH0FZcwiLw8dv02zEMqS1f6KB7uQ@mail.gmail.com
In response to Re: Potential security risk associated with function call  ("Jet" <zhangchenxi@halodbtech.com>)
Responses Re: Potential security risk associated with function call
Re: Potential security risk associated with function call
List pgsql-hackers
On Tue, 10 Mar 2026 at 17:27, Jet <zhangchenxi@halodbtech.com> wrote:

> > It is the explicit responsibility of
> > the superuser to make sure the functions they create using untrusted
> > languages are correct and execute safely when called by PostgreSQL.
> But the question is how can a superuser know the "internal" and "c" functions
> implementation details? He will not know whether the code has !PG_ARGISNULL(...),
> and create a harmful function accidentally...

I think our global assumption is that superuser is super-wise and
knows everything.

-- 
Best regards,
Kirill Reshke


