Re: Is PQfn() insecure or not?
| От | ljb |
|---|---|
| Тема | Re: Is PQfn() insecure or not? |
| Дата | |
| Msg-id | auvo7p$1viu$1@news.hub.org обсуждение |
| Ответ на | Re: Is PQfn() insecure or not? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-interfaces |
tgl@sss.pgh.pa.us wrote: > ljb <lbayuk@mindspring.com> writes: >> "Programmer's Guide, Client Interfaces, libpq, The Fast-Path Interface" >> describes PQfn() and has this alarming remark: >> "This is a trapdoor into system internals and can be a potential >> security hole." >> Sure this isn't true. PQfn() just lets a frontend call a function which is >> also accessible (if maybe not useful) via a SELECT statement, correct? > > The insecure part is not the function call per se (*); it's the fact > that the frontend feeds raw internal-format values to the backend for > the function's parameters. It'd be fairly trivial to cause a backend > crash by feeding bogus data. Not sure whether it's possible to do > anything worse than that. Well, if it's 'just' a backend fatal error, that would be OK with me - you can crash your own backend, big deal. But if it can cause a "panic" and take out all the backends, that would be more serious, and one could argue that this means PostgreSQL needs more parameter checking. I think I'll try and see how much damage I can do.
В списке pgsql-interfaces по дате отправления: