Re: Possible problem with PQescapeStringConn and

From: Jeff Davis <pgsql(at)j-davis(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Possible problem with PQescapeStringConn and
Date: 2006-10-27 01:25:53
Message-ID: 1161912353.31124.132.camel@dogma.v10.wvs
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Thu, 2006-10-26 at 19:46 -0400, Tom Lane wrote:
> Jeff Davis <pgsql(at)j-davis(dot)com> writes:
> > You can set standard_conforming_strings in postgresql.conf at any time
> > and reload the config, changing the value for all active connections.
> > That means that if a client opens a connection, and you SIGHUP postgres,
> > and then the client issues a PQescapeStringConn, the client will get an
> > incorrectly-escaped string.
>
> The window for this is pretty narrow, because PQescapeStringConn will
> use the latest-delivered parameter status, but it's certainly true that
> randomly changing standard_conforming_strings wouldn't be a bright idea.
> Probably a documentation note recommending against changing it via
> SIGHUP would be sufficient.
>

It's not a narrow time window (which was my original test), but you're
right that it is narrow in the sense that any command executed on that
connection will update the status. So, a potential attacker has one
chance :)

It seems like a documentation note would be sufficient to prevent people
from changing it too haphazardly. You wouldn't want to change it at
runtime if the bulk of your queries involved escape sequences.

Regards,
Jeff Davis

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Merlin Moncure 2006-10-27 02:00:13 database not enforcing unqiue constriant
Previous Message Tom Lane 2006-10-27 00:28:23 Re: pg_dumpall failing from possible corrupted shared memory