| From: | Marcin Owsiany <marcin(at)owsiany(dot)pl> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Security implications of (plpgsql) functions |
| Date: | 2002-10-19 17:17:13 |
| Message-ID: | 20021019171713.GA3704@melina.ds14.agh.edu.pl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
CREATE FUNCTION "x" (integer) RETURNS integer AS '
BEGIN
RETURN x(0);
END' LANGUAGE 'plpgsql' WITH ( isstrict );
SELECT x(0);
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
!>
The log says:
DEBUG: server process (pid 3550) was terminated by signal 11
DEBUG: terminating any other active server processes
The thing that worries me most is the last message: postmaster terminates all
other backends, therefore overflowing the stack via a plpgsql function can be
used to DoS-attack the server.
Is there anything one (as a postgresql installation admin) can do? Disabling
procedural languages in databases of the users I don't trust comes to mind, but
does it really make me safe? I mean: won't such attack still be possible with
pure SQL?
regards,
Marcin
--
Marcin Owsiany <marcin(at)owsiany(dot)pl> http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
"Every program in development at MIT expands until it can read mail."
-- Unknown
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Lane | 2002-10-19 19:36:13 | Working with foreign key constraints |
| Previous Message | Tom Lane | 2002-10-19 16:38:04 | Re: Connection timeout.. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nigel J. Andrews | 2002-10-19 17:27:23 | Re: Freeing plan memory |
| Previous Message | Tom Lane | 2002-10-19 16:59:14 | Re: Freeing plan memory |