| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | CREATE CAST WITHOUT FUNCTION should require superuserness? |
| Date: | 2002-08-19 20:35:57 |
| Message-ID: | 26415.1029789357@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
CREATE CAST WITHOUT FUNCTION is capable of creating binary equivalences
that will crash the backend when used (eg, between pass-by-value and
pass-by-reference datatypes). The existing restriction that you must
own one of the datatypes hardly seems like an adequate permissions
check ... especially since any unprivileged user is able to create his
own datatypes.
I think it might be a good idea to require superuser permissions to
create a binary-equivalence cast. This is equivalent to the permissions
you'd need to create a dummy C function so as to cause the same failure
without using WITHOUT FUNCTION. Comments?
Also, in the present state of the code a WITHOUT FUNCTION cast does
not work if AS ASSIGNMENT isn't given: parse_coerce.c won't ever find
it. Is this intentional, or just an oversight?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | ngpg | 2002-08-19 20:54:53 | Re: [SECURITY] DoS attack on backend possible |
| Previous Message | Andrew J. Kopciuch | 2002-08-19 20:26:20 | ignore me |