Thread: executing user-defined functions

executing user-defined functions

From
oberpwd@anubis.network.com (Wade D. Oberpriller)
Date:
Hello all,

I was wondering if PostgreSQL protects itself when executing user-defined
functions? Or does it go under the assumption that all user-defined functions
will NOT crash (if they do you have a serious problem and need to fix the
function)?

We are building an app where we want 3rd parties to be able to give us their
data, and give us functions to check their data. We will insert the data into
our database and run their functions when needed. However we don't want their
functions to take down our system.

Is this possible with PostgreSQL?

Wade Oberpriller
StorageTek
oberpwd@network.com


Re: executing user-defined functions

From
Tom Lane
Date:
oberpwd@anubis.network.com (Wade D. Oberpriller) writes:
> I was wondering if PostgreSQL protects itself when executing user-defined
> functions?

User-written functions coded in C are insecure by definition; it's up
to you to get them right.  The other available programming languages
are considerably safer.

> We are building an app where we want 3rd parties to be able to give us their
> data, and give us functions to check their data. We will insert the data into
> our database and run their functions when needed. However we don't want their
> functions to take down our system.

Don't accept C functions then...

            regards, tom lane

Re: executing user-defined functions

From
Jan Wieck
Date:
Wade D. Oberpriller wrote:
> Hello all,
>
> I was wondering if PostgreSQL protects itself when executing user-defined
> functions? Or does it go under the assumption that all user-defined functions
> will NOT crash (if they do you have a serious problem and need to fix the
> function)?
>
> We are building an app where we want 3rd parties to be able to give us their
> data, and give us functions to check their data. We will insert the data into
> our database and run their functions when needed. However we don't want their
> functions to take down our system.
>
> Is this possible with PostgreSQL?

    PostgreSQL  does  NOT  protect itself in any way against user
    defined functions written in C. They live in the same address
    space  as  the  backend,  executing  under the user ID of the
    postgres superuser. So they not  only  can  crash  their  own
    backend, worst case they could possibly corrupt shared memory
    data, thus corrupting the  database  and  crashing  other  or
    subsequent backends as well.

    Insist  on  getting  the  code of the 3rd party functions and
    check it carefully. Or require these functions beeing written
    in  a  procedural  language  (PL/pgSQL,  PL/Tcl  or PL/perl).
    Procedural languages are interpreted ones, so as long as  the
    language handler is safe, the backend is too.


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #