Home > mailing lists

Re: Potential security risk associated with function call - Mailing list pgsql-hackers

From	Jet
Subject	Re: Potential security risk associated with function call
Date	March 10 15:27:33
Msg-id	tencent_67A43A0A37B0AB350E39C64A@qq.com Whole thread Raw
In response to	Re: Potential security risk associated with function call (Matthias van de Meent <boekewurm+postgres@gmail.com>)
Responses	Re: Potential security risk associated with function call Re: Potential security risk associated with function call
List	pgsql-hackers

Tree view

> Correct. This is expected behaviour: the "internal" and "c" languages
> are not 'trusted' languages, and therefore only superusers can create
> functions using these languages. 
Yes, you're right, only superusers can create "in.ternal" and "c" languages

> It is the explicit responsibility of
> the superuser to make sure the functions they create using untrusted
> languages are correct and execute safely when called by PostgreSQL.
But the question is how can a superuser know the "internal" and "c" functions
implementation details? He will not know whether the code has !PG_ARGISNULL(...),
and create a harmful function accidentally...

Jet
Halo Tech

pgsql-hackers by date:

From: Kirill Reshke
Date: 10 March, 15:26:30
Subject: Re: SQL:2011 Application Time Update & Delete

From: Junwang Zhao
Date: 10 March, 15:28:47
Subject: Re: Eliminating SPI / SQL from some RI triggers - take 3

Re: Potential security risk associated with function call - Mailing list pgsql-hackers

Previous

Next