| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, pgsql-committers(at)postgresql(dot)org |
| Subject: | Re: Re: pgsql: Convert contrib/seg's bool-returning SQL functions to V1 call co |
| Date: | 2016-04-27 03:04:11 |
| Message-ID: | 20160427030411.hjod6bja6pjnmlab@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On 2016-04-26 22:59:44 -0400, Tom Lane wrote:
> What's the argument that it makes debugging harder? Especially if
> you aren't using it?
If you try to write a V1 function, but forget or mistype/rename the
function in PG_FUNCTION_INFO_V1, you'll get crashes, at least if you're
lucky.
> I don't particularly buy the "easier exploitation" argument, either.
> You can't create a C function without superuser, and if you've got
> superuser there are plenty of ways to run arbitrary code.
Without pl*u installed, I don't think any of them are as simple as
calling system(). But yea, it's not a very high barrier.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2016-04-27 03:35:56 | pgsql: Emit invalidations to standby for transactions without xid. |
| Previous Message | Tom Lane | 2016-04-27 02:59:44 | Re: Re: pgsql: Convert contrib/seg's bool-returning SQL functions to V1 call co |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2016-04-27 03:08:28 | Re: Removing faulty hyperLogLog merge function |
| Previous Message | Andres Freund | 2016-04-27 03:00:49 | Re: EXPLAIN VERBOSE with parallel Aggregate |