| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Alexander Petrossian <alexander(dot)petrossian(at)gmail(dot)com> |
| Cc: | Luca Ferrari <fluca1978(at)gmail(dot)com>, Александр Петросян <paf(at)yandex(dot)ru>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: debugger from superuser only.... why? |
| Date: | 2023-09-27 13:52:09 |
| Message-ID: | 598114.1695822729@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Alexander Petrossian <alexander(dot)petrossian(at)gmail(dot)com> writes:
> 25 сент. 2023 г., в 17:28, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> написал(а):
>> you’d have a big problem with being able to change the behavior of
>> security-definer functions.
> Could you please elaborate on this, Tom?
pldebugger allows you to change the contents of a function's
local variables. Obviously the threat level would depend a lot
on the details of the particular function, but it's not hard
to envision cases where that would be enough to make the function
do something other than what it was supposed to.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2023-09-27 14:49:51 | Re: valid casts to anyarray |
| Previous Message | Alexander Petrossian | 2023-09-27 11:30:43 | Re: debugger from superuser only.... why? |