Tom Lane wrote:
> If you're not clear on why CREATE TYPE in the hands of a bad guy is
> dangerous, here are a couple of reasons:
> * By specifying type representation details (len/byval/align) that are
> different from what the type's functions expect, you could trivially
> crash the backend, and less trivially use a pass-by-reference I/O
> function to read out the contents of backend memory.
I think being able to return cstring from a user defined function is
quite dangerous already. I doubt we would ever give that capability to
I do agree that creating base types should require a superuser though.
It too seems dangerous just on principle, even if today there's no
actual hole (that we already know of).
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
In response to
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2008-07-30 22:13:10|
|Subject: Re: Should creating a new base type require superuser status? |
|Previous:||From: Gregory Stark||Date: 2008-07-30 22:01:06|
|Subject: Re: Should creating a new base type require superuser status?|