| From: | Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com> |
|---|---|
| To: | Jet <zhangchenxi(at)halodbtech(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Potential security risk associated with function call |
| Date: | 2026-03-10 12:02:52 |
| Message-ID: | CAEze2WjirTP5cN=CFu9+mN7=E02pgN5zfmVJtNdcjO9xJHpGUg@mail.gmail.com |
| Lists: | pgsql-hackers |

On Tue, 10 Mar 2026 at 11:25, Jet <zhangchenxi(at)halodbtech(dot)com> wrote:
>
> Hi Hackers,
>
> Recently, I noticed a security risk when calling a function; it's strange but also interesting. E.g.
>
> `array_to_text_null` is a builtin function with 3 args. Normally, the function is working well. **BUT**
> if we create another version of the `array_to_text_null` function, say `harmful_array_to_string`, but with 2 args:
[...]
> And then we call the new function:
[...]
> It will cause the server to crash~

Correct. This is expected behaviour: the "internal" and "c" languages
are not 'trusted' languages, and therefore only superusers can create
functions using these languages. It is the explicit responsibility of
the superuser to make sure the functions they create using untrusted
languages are correct and execute safely when called by PostgreSQL.

Kind regards,
Matthias van de Meent
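
An added example, not part of the message above or of the PostgreSQL sources: a catalog query an administrator can run to review functions declared in the untrusted "internal" and "c" languages. It assumes user-created objects have OIDs of 16384 and above, and it treats a differing argument list for the same C symbol as a prompt for review, not as proof of a fault.

```sql
-- Added example: audit functions declared in untrusted languages.
-- Assumption: objects created after initdb have oid >= 16384.
-- For each such "internal"/"c" function, look for an initdb-time
-- declaration bound to the same C symbol (prosrc) and report whether
-- the declared argument types differ. Some C functions are written to
-- accept several signatures, so a mismatch means "read the C code",
-- not "this is broken".
SELECT p.oid::regprocedure          AS user_function,
       l.lanname                    AS language,
       l.lanpltrusted               AS language_trusted,
       pg_get_userbyid(p.proowner)  AS owner,
       p.prosrc                     AS c_symbol,
       b.oid::regprocedure          AS builtin_declaration,
       (b.oid IS NOT NULL
        AND p.proargtypes <> b.proargtypes) AS signature_mismatch
FROM pg_proc p
JOIN pg_language l
  ON l.oid = p.prolang
LEFT JOIN pg_proc b
  ON b.prosrc  = p.prosrc
 AND b.prolang = p.prolang
 AND b.probin IS NOT DISTINCT FROM p.probin   -- NULL for "internal"
 AND b.oid < 16384                            -- declared at initdb
WHERE l.lanname IN ('internal', 'c')
  AND p.oid >= 16384                          -- created afterwards
ORDER BY signature_mismatch DESC, user_function;
```

Rows with `signature_mismatch` set to true are the ones where the SQL-level declaration and the shipped declaration of the same C entry point disagree.
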