Skip site navigation (1) Skip section navigation (2)

Re: Fwd: Infinite recursion in function causes DoS

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Martin Pitt <martin(at)piware(dot)de>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: Fwd: Infinite recursion in function causes DoS
Date: 2004-03-26 20:53:17
Message-ID: 20040326205317.GF20194@wolff.to (view raw or flat)
Thread:
Lists: pgsql-bugs
On Thu, Mar 25, 2004 at 12:25:33 +0100,
  Martin Pitt <martin(at)piware(dot)de> wrote:
> 
> Either way, this situation leads to a DoS of the database system or the
> entire machine.  Since any user with enough privileges to access the
> database can create and execute functions, this raises a slight security
> concern.

It is going to be very difficult to prevent authorized postgres users
from DOSing the server. While fixing this issue will make it harder
to accidentally shoot ones self in the foot, you cannot expect to give
untrusted users access to postgres and have the server be secure from
DOS attacks.

In response to

pgsql-bugs by date

Next:From: Bruno Wolff IIIDate: 2004-03-26 20:56:42
Subject: Re: Fwd: Default pg_autovacuum config glitches
Previous:From: PostgreSQL Bugs ListDate: 2004-03-26 19:13:05
Subject: BUG #1117: Time calculation from epoch is 12 hours out

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group