Re: Potential security risk associated with function call - Mailing list pgsql-hackers

From Jet
Subject Re: Potential security risk associated with function call
Date
Msg-id tencent_4C1BBF801C0B99C81131BAF6@qq.com
In response to Re: Potential security risk associated with function call  ("Anders Åstrand" <anders@449.se>)
List pgsql-hackers
> My gut reaction would be to limit the creation of functions with
> language=internal to superusers, but that wouldn't work as it would
> break CREATE EXTENSION when there are server modules involved.
> 
> Maybe all C functions that are able to be used as language=internal
> need to explicitly check nargs at the top of the function?
Yes, all C functions suffer from such a potential risk, not only language=internal.
So limiting the creation of functions with language=internal is not enough.

Jet
Halo Tech
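
An added example, not part of the original message or of PostgreSQL's own code: a catalog query for reviewing which user-created SQL declarations are bound to C-level code, and whether the same C symbol is declared with more than one argument count, which is where an nargs check inside the function matters. It assumes the concern in this thread is a mismatch between the declared argument count and what the C code reads.

```sql
-- Audit of user-created functions implemented in C-level code.
-- Assumption: the risk discussed is a SQL declaration whose argument
-- count differs from what the underlying C function expects.
-- oid >= 16384 (FirstNormalObjectId) skips objects created by initdb.
SELECT p.oid::regprocedure          AS sql_signature,
       l.lanname                    AS language,
       pg_get_userbyid(p.proowner)  AS owner,
       p.pronargs                   AS declared_nargs,
       p.prosrc                     AS c_symbol,
       p.probin                     AS library,   -- NULL for language=internal
       count(*) OVER w              AS declarations_of_symbol,
       -- true when one C symbol is reachable under different argument counts
       (min(p.pronargs) OVER w <> max(p.pronargs) OVER w) AS nargs_differ
FROM pg_proc p
JOIN pg_language l ON l.oid = p.prolang
WHERE l.lanname IN ('internal', 'c')
  AND p.oid >= 16384
WINDOW w AS (PARTITION BY l.lanname, p.prosrc, p.probin)
ORDER BY nargs_differ DESC, c_symbol, declared_nargs;
```

Rows with nargs_differ set are the ones to compare against the C source: each such function should either check its argument count itself or be declared with only the signature the code was written for.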
