| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | David Helgason <david(at)uti(dot)is>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: plperl Safe restrictions |
| Date: | 2004-10-15 17:27:07 |
| Message-ID: | 10694.1097861227@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> The question in my mind is "What are we protecting against?" ISTM it is
> the use of the pl as a vector to attack the machine and postgres. Does a
> segfault come into that category? After all, isn't it one of postgres's
> strengths that we can survive individual backends crashing?
Yeah, but a repeatable segfault certainly is an adequate tool for a
denial-of-service attack, since it takes out everyone else's sessions
along with your own. A possibly larger objection is how sure can you be
that the effects will *only* be a segfault, and not say the ability to
execute some user-injected machine code.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nurlan M. Mukhanov | 2004-10-15 18:02:47 | CSS |
| Previous Message | Bruce Momjian | 2004-10-15 16:57:35 | Re: [Testperf-general] Re: First set of OSDL Shared Memscalability |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-10-15 17:32:15 | Re: pg_regress --temp-keep |
| Previous Message | Reini Urban | 2004-10-15 17:26:54 | Re: pg_regress --temp-keep |