| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Jet <zhangchenxi(at)halodbtech(dot)com> |
| Cc: | Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Potential security risk associated with function call |
| Date: | 2026-03-10 12:37:13 |
| Message-ID: | CAKFQuwZTDJLP1Wt821qk=ZEywkkRqpx+ou2EQKptAtwvFwLjmQ@mail.gmail.com |
| Lists: | pgsql-hackers |
On Tuesday, March 10, 2026, Jet <zhangchenxi(at)halodbtech(dot)com> wrote:

> > It is the explicit responsibility of
> > the superuser to make sure the functions they create using untrusted
> > languages are correct and execute safely when called by PostgreSQL.
>
> But the question is how can a superuser know the "internal" and "c" functions
> implementation details? He will not know whether the code has !PG_ARGISNULL(...),
> and create a harmful function accidentally...

You describe the fundamental problem/risk of the entire software industry.
At least PostgreSQL has chosen a business model where the superuser has the
option to read the source code.

David J.