Re: Potential security risk associated with function call - Mailing list pgsql-hackers

From Jet
Subject Re: Potential security risk associated with function call
Date
Msg-id tencent_62EB6CDE73ED1FFC4CAD7A3B@qq.com
In response to Re: Potential security risk associated with function call  (Kirill Reshke <reshkekirill@gmail.com>)
List pgsql-hackers
> > > It is the explicit responsibility of
> > > the superuser to make sure the functions they create using untrusted
> > > languages are correct and execute safely when called by PostgreSQL.
> > But the question is how can a superuser know the "internal" and "c" functions'
> > implementation details? He will not know whether the code has !PG_ARGISNULL(...),
> > and create a harmful function accidentally...

> I think our global assumption is that superuser is super-wise and
> knows everything

Totally agreed ...

Jet
Halo Tech
