From: | Thomas Hallgren <thomas(at)tada(dot)se> |
---|---|
To: | Kris Jurka <books(at)ejurka(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pljava-dev(at)pgfoundry(dot)org, pgsql-hackers(at)postgresql(dot)org, Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
Subject: | Re: [Pljava-dev] Re: Should creating a new base type require superuser status? |
Date: | 2009-02-18 11:23:07 |
Message-ID: | 499BEF9B.40903@tada.se |
Lists: | pgsql-hackers pljava-dev |
Kris Jurka wrote:
> Thomas Hallgren wrote:
>> Kris Jurka wrote:
>>>
>>> 3) By value: pljava does not correctly handle passed-by-value
>>> types, allowing access to random memory.
>>>
>> This is simply not true. There's no way a Java developer can access
>> random memory through PL/Java.
>
> No, the point is that the Java developer can provide some data which
> can convince postgresql to fetch random data for the user.
>
> Consider the attached type which is simply an int4 equivalent.
> Depending on how you define it as passed by value or passed by
> reference it will or will not work (attached).
>
> This looks like it works:
>
>
> jurka=# select '1'::intbyref, '2'::intbyval;
> intbyref | intbyval
> ----------+----------
> 1 | 2
> (1 row)
>
> But it doesn't really:
>
> jurka=# create table inttest (a intbyref, b intbyval);
> CREATE TABLE
> jurka=# insert into inttest values ('1', '2');
> INSERT 0 1
> jurka=# select * from inttest;
> a | b
> ---+------------
> 1 | 2139062143
> (1 row)
It seems the pointer is confused for the actual value, which means that
writing the value back will corrupt the pointer. That's bad of course,
but I would classify this as a bug rather than a general security problem.
PL/Java is designed to handle all types securely and completely hide
the concept of 'by value' or 'by reference' from the Java developer,
since such concepts are meaningless in Java.
- thomas
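The by-value / by-reference mismatch discussed above, modelled in plain C as an added example (this is neither PostgreSQL nor PL/Java source; the Datum type, the input functions and the tuple store/fetch helpers are a simplified stand-in for the real ones). It shows why a handler that hands back a pointer for a column declared as passed by value round-trips through a tuple as pointer bits rather than as the value:

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of the Datum convention (constructed for this example).
 * A Datum is one pointer-sized word: for a "by value" type it holds the
 * value itself, for a "by reference" type it holds a pointer to storage. */
typedef uintptr_t Datum;

/* Input function for a pass-by-value int4: the value lives in the Datum. */
static Datum int4_in_byval(int32_t v) { return (Datum)(uint32_t)v; }

/* Input function for a pass-by-reference int4: the Datum is a pointer.
 * A static cell stands in for palloc'd storage. */
static Datum int4_in_byref(int32_t v) {
    static int32_t cell;
    cell = v;
    return (Datum)&cell;
}

/* Models tuple filling: a typbyval attribute copies typlen bytes of the
 * Datum word itself, a by-reference attribute copies typlen bytes from
 * the memory the Datum points to. */
static void store_att(unsigned char *dst, Datum d, int typlen, bool typbyval) {
    if (typbyval) { uint32_t w = (uint32_t)d; memcpy(dst, &w, typlen); }
    else memcpy(dst, (const void *)d, typlen);
}

static int32_t fetch_int4(const unsigned char *src) {
    int32_t v; memcpy(&v, src, sizeof v); return v;
}

/* Store one value in a 4-byte column declared with the given typbyval
 * using the given input function, then read it back as a later SELECT
 * on the table would. */
static int32_t roundtrip(int32_t v, bool typbyval, Datum (*in)(int32_t)) {
    unsigned char tuple[4];
    store_att(tuple, in(v), 4, typbyval);
    return fetch_int4(tuple);
}

/* Declaration and handler agree: the stored bytes are the value. */
int32_t consistent_roundtrip(int32_t v) { return roundtrip(v, true, int4_in_byval); }

/* Column declared passed-by-value but the handler returns a pointer (the
 * intbyval case in the thread): the tuple holds the low 32 bits of the
 * pointer, so the read-back value is garbage, and anything that later
 * treats those bits as a pointer reads unrelated memory. */
int32_t mismatched_roundtrip(int32_t v) { return roundtrip(v, true, int4_in_byref); }
```

The opposite mismatch (declared by reference, handler returns the bare value) is not modelled because it would dereference the value as an address, which is the crash or wild read Thomas describes.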