Re: Re: [Pljava-dev] Should creating a new base type require superuser status?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Thomas Hallgren <thomas(at)tada(dot)se>
Cc: Kris Jurka <books(at)ejurka(dot)com>, pljava-dev(at)pgfoundry(dot)org, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Re: [Pljava-dev] Should creating a new base type require superuser status?
Date: 2008-08-02 16:12:50
Message-ID: 4111.1217693570@sss.pgh.pa.us
Lists: pgsql-hackers pljava-dev

Thomas Hallgren <thomas(at)tada(dot)se> writes:
> Tom Lane wrote:
>> The problem that we've seen in the past shows up when the user lies in
>> the CREATE TYPE command, specifying type representation properties that
>> are different from what the underlying functions expect.

> This is a non-issue in PL/Java. An integer parameter is never passed by
> reference and there's no way the PL/Java user can get direct access to
> backend memory.

So what exactly does happen when the user deliberately specifies wrong
typlen/typbyval/typalign info when creating a type based on PL/Java
functions?

> I think that assumption is without ground. Java doesn't permit you to
> access memory unless you use Java classes (java.nio stuff) that are
> explicitly designed to do that and you need native code to set such
> things up. A PL/Java user can not do that unless he is able to link in
> other shared objects or DLLs to the backend process.

PL/Java itself must be doing "unsafe" things in order to interface with
PG at all. So what your argument really is is that you have managed to
securely sandbox the user-written code you are calling. That might or
might not be true, but I don't think that worrying about it is without
foundation.

regards, tom lane
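
An added example, not part of the original message or of PostgreSQL or PL/Java: a catalog audit an administrator could run to see which base types rest on I/O functions in a language other than C, along with the typlen/typbyval/typalign each type declares and whether its owner is a superuser. It assumes the standard system catalogs pg_type, pg_proc, pg_language and pg_roles; the column aliases are illustrative.

```sql
-- Added audit query (illustrative, not from the thread).
-- Lists base types whose input or output function is written in a
-- language other than 'internal' or 'c', so the declared representation
-- (typlen / typbyval / typalign) can be reviewed against what those
-- functions actually expect.
SELECT t.oid::regtype          AS type_name,
       r.rolname               AS type_owner,
       r.rolsuper              AS owner_is_superuser,
       t.typlen,               -- fixed size in bytes; -1 = varlena, -2 = cstring
       t.typbyval,             -- true = passed by value, false = by reference
       t.typalign,             -- c, s, i or d (char/short/int/double alignment)
       pin.oid::regprocedure   AS input_fn,
       lin.lanname             AS input_lang,
       pout.oid::regprocedure  AS output_fn,
       lout.lanname            AS output_lang
FROM pg_type t
JOIN pg_roles    r    ON r.oid    = t.typowner
JOIN pg_proc     pin  ON pin.oid  = t.typinput
JOIN pg_language lin  ON lin.oid  = pin.prolang
JOIN pg_proc     pout ON pout.oid = t.typoutput
JOIN pg_language lout ON lout.oid = pout.prolang
WHERE t.typtype = 'b'                          -- base types only
  AND (lin.lanname  NOT IN ('internal', 'c')
    OR lout.lanname NOT IN ('internal', 'c'))
ORDER BY r.rolsuper, type_name;                -- non-superuser owners first
```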
