| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | pgsql-docs(at)postgresql(dot)org |
| Subject: | Re: Fast-Path documentation |
| Date: | 2003-03-06 23:19:27 |
| Message-ID: | 25947.1046992767@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> The libpq documentation contains this:
> """
> <productname>PostgreSQL</productname> provides a fast-path interface to
> send function calls to the backend. This is a trapdoor into system
> internals and can be a potential security hole. Most users will not need
> this feature.
> """
> Why and under what circumstances is this a security hole, and what is a
> user to do about it?
The security problem is that the frontend feeds raw internal-format data
to the backend. While this is relatively harmless for datatypes with no
internal structure, it'd be pretty easy to crash the backend by feeding
in a misconstructed polygon, for example. There was some discussion of
this in pgsql-interfaces awhile back, see
http://archives.postgresql.org/pgsql-interfaces/2003-01/msg00000.php
There are a bunch of other problems with the fast-path protocol; see
comments in src/backend/tcop/fastpath.c. I consider redesigning it to
be one of the "must do" topics for the long-threatened protocol revision.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2003-03-07 00:44:14 | Re: Compiling postgresql |
| Previous Message | Delao, Darryl W | 2003-03-06 21:02:16 | Re: Compiling postgresql |