| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Should creating a new base type require superuser status? |
| Date: | 2008-07-30 22:07:53 |
| Message-ID: | 20080730220753.GG3977@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pljava-dev |
Tom Lane wrote:
> If you're not clear on why CREATE TYPE in the hands of a bad guy is
> dangerous, here are a couple of reasons:
>
> * By specifying type representation details (len/byval/align) that are
> different from what the type's functions expect, you could trivially
> crash the backend, and less trivially use a pass-by-reference I/O
> function to read out the contents of backend memory.
I think being able to return cstring from a user defined function is
quite dangerous already. I doubt we would ever give that capability to
non-superusers.
I do agree that creating base types should require a superuser though.
It too seems dangerous just on principle, even if today there's no
actual hole (that we already know of).
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-07-30 22:13:10 | Re: Should creating a new base type require superuser status? |
| Previous Message | Gregory Stark | 2008-07-30 22:01:06 | Re: Should creating a new base type require superuser status? |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-07-30 22:13:10 | Re: Should creating a new base type require superuser status? |
| Previous Message | Gregory Stark | 2008-07-30 22:01:06 | Re: Should creating a new base type require superuser status? |