| From: | Vladlen Popolitov <v(dot)popolitov(at)postgrespro(dot)ru> |
|---|---|
| To: | Sutou Kouhei <kou(at)clear-code(dot)com> |
| Cc: | sawada(dot)mshk(at)gmail(dot)com, zhjwpku(at)gmail(dot)com, michael(at)paquier(dot)xyz, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Make COPY format extendable: Extract COPY TO format implementations |
| Date: | 2025-02-03 06:38:04 |
| Message-ID: | d838025aceeb19c9ff1db702fa55cabf@postgrespro.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Sutou Kouhei писал(а) 2025-02-01 17:12:
> Hi,
>
Hi
I would like to inform about the security breach in your design of COPY
TO/FROM.
You use FORMAT option to add new formats, filling it with routine name
in shared library. As result any caller can call any routine in
PostgreSQL kernel.
I think, it will start competition, who can find most dangerous routine
to call just from COPY FROM command.
Standard PostgreSQL realisation for new methods to use USING keyword.
Every
new method could have own options (FORMAT is option of internal 'copy
from/to'
methods), it assumes some SetOptions interface, that defines
an options structure according to the new method requirements.
I agree with the general direction of the extensibility, but it should
be secure
and consistent.
--
Best regards,
Vladlen Popolitov.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Antonin Houska | 2025-02-03 07:01:45 | Re: why there is not VACUUM FULL CONCURRENTLY? |
| Previous Message | Amit Kapila | 2025-02-03 06:34:36 | Re: Introduce XID age and inactive timeout based replication slot invalidation |