Re: Make COPY format extendable: Extract COPY TO format implementations

On Wed, Feb 5, 2025 at 3:49 AM Álvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> wrote:
>
> On 2025-Feb-03, Vladlen Popolitov wrote:
>
> > You use FORMAT option to add new formats, filling it with routine name
> > in shared library. As result any caller can call any routine in PostgreSQL
> > kernel.
> > I think, it will start competition, who can find most dangerous routine
> > to call just from COPY FROM command.
>
> Hah.
>
> Maybe it would be a better UI to require that COPY format handlers are
> registered explicitly before they can be used:
>
> CREATE ACCESS METHOD copy_yaml TYPE copy HANDLER copy_yaml_handler;
>
> ... and then when the FORMAT is not recognized as one of the hardcoded
> methods, we go look in pg_am for one with amtype='c' and the given name.
> That gives you the function that initializes the Copy state.
>
> This is convenient enough because system administrators can add COPY
> formats that anyone can use, and doesn't allow to call arbitrary
> functions via COPY.

I think that the patch needs to check if the function's result type is
COPY_HANDLEROID by using get_func_rettype(), before calling it. But
with this check, we can prevent arbitrary functions from being called
via COPY. Why do we need to extend CREATE ACCESS METHOD too for that
purpose?

Regards,

--
Masahiko Sawada
Amazon Web Services: https://aws.amazon.com