Peter Eisentraut <peter_e@gmx.net> writes:
> The libpq documentation contains this:
> """
> <productname>PostgreSQL</productname> provides a fast-path interface to
> send function calls to the backend. This is a trapdoor into system
> internals and can be a potential security hole. Most users will not need
> this feature.
> """
> Why and under what circumstances is this a security hole, and what is a
> user to do about it?
The security problem is that the frontend feeds raw internal-format data
to the backend. While this is relatively harmless for datatypes with no
internal structure, it'd be pretty easy to crash the backend by feeding
in a misconstructed polygon, for example. There was some discussion of
this in pgsql-interfaces awhile back, see
http://archives.postgresql.org/pgsql-interfaces/2003-01/msg00000.php
There are a bunch of other problems with the fast-path protocol; see
comments in src/backend/tcop/fastpath.c. I consider redesigning it to
be one of the "must do" topics for the long-threatened protocol revision.
regards, tom lane
