Re: [GENERAL] Security implications of (plpgsql) functions

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Marcin Owsiany <marcin(at)owsiany(dot)pl>
Cc: PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Subject: Re: [GENERAL] Security implications of (plpgsql) functions
Date: 2002-10-21 15:51:05
Message-ID: 200210211551.g9LFp5W25783@candle.pha.pa.us
Lists: pgsql-general pgsql-hackers


[ Thread moved to hackers.]

Crash reproduced here.

My guess is that you are recursing and crashing the backend, which then
forces the other backends to reset. I think we need to fix this by
either setting a limit on the amount of function recursion, or allowing
only the offending backend to crash without forcing all the other
backends to crash.

---------------------------------------------------------------------------

Marcin Owsiany wrote:
> CREATE FUNCTION "x" (integer) RETURNS integer AS '
> BEGIN
> RETURN x(0);
> END' LANGUAGE 'plpgsql' WITH ( isstrict );
> SELECT x(0);
> server closed the connection unexpectedly
> This probably means the server terminated abnormally
> before or while processing the request.
> The connection to the server was lost. Attempting reset: Failed.
> !>
>
> The log says:
> DEBUG: server process (pid 3550) was terminated by signal 11
> DEBUG: terminating any other active server processes
>
> The thing that worries me most is the last message: postmaster terminates all
> other backends, therefore overflowing the stack via a plpgsql function can be
> used to DoS-attack the server.
>
> Is there anything one (as a postgresql installation admin) can do? Disabling
> procedural languages in databases of the users I don't trust comes to mind, but
> does it really make me safe? I mean: won't such an attack still be possible with
> pure SQL?
>
> regards,
>
> Marcin
> --
> Marcin Owsiany <marcin(at)owsiany(dot)pl> http://marcin.owsiany.pl/
> GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
>
> "Every program in development at MIT expands until it can read mail."
> -- Unknown

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
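
Added example, not part of the original thread: a Python check that scans a postmaster log for the two messages quoted above (a backend terminated by a signal, then the postmaster terminating the other backends) and flags repeated cluster-wide resets. The sample log is constructed in the quoted format; only pid 3550 comes from the thread, and the names `find_resets` and `summarize`, the lookahead and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread.
# Only pid 3550 appears in the original message; the rest is made up.
SAMPLE_LOG = """\
DEBUG: server process (pid 3550) was terminated by signal 11
DEBUG: terminating any other active server processes
DEBUG: constructed unrelated line
DEBUG: server process (pid 3570) was terminated by signal 11
DEBUG: terminating any other active server processes
DEBUG: server process (pid 3590) was terminated by signal 15
"""

CRASH = re.compile(r"server process \(pid (\d+)\) was terminated by signal (\d+)")
RESET = "terminating any other active server processes"


def find_resets(lines, lookahead=3):
    """Return [(pid, signal)] for each backend crash that was followed,
    within `lookahead` lines, by the postmaster resetting all backends."""
    events, pending = [], None
    for i, line in enumerate(lines):
        m = CRASH.search(line)
        if m:
            # A newer crash replaces an older one that never led to a reset.
            pending = (i, int(m.group(1)), int(m.group(2)))
        elif RESET in line and pending and i - pending[0] <= lookahead:
            events.append(pending[1:])
            pending = None  # one reset is attributed to one crash only
    return events


def summarize(lines, threshold=2):
    """Count cluster-wide resets and raise an alert flag when they repeat."""
    events = find_resets(lines)
    return {
        "resets": len(events),
        "by_signal": dict(Counter(sig for _, sig in events)),
        "pids": [pid for pid, _ in events],
        "alert": len(events) >= threshold,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

A crash line with no reset line after it (pid 3590 in the sample) is not counted, so the alert tracks only the events that disconnected every other session.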
