Re: Potential security risk associated with function call

From: Jet <zhangchenxi(at)halodbtech(dot)com>
To: Anders Åstrand <anders(at)449(dot)se>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Potential security risk associated with function call
Date: 2026-03-10 11:50:07
Message-ID: tencent_4C1BBF801C0B99C81131BAF6@qq.com
Lists: pgsql-hackers

> My gut reaction would be to limit the creation of functions with
> language=internal to superusers, but that wouldn't work as it would
> break CREATE EXTENSION when there are server modules involved.
>
> Maybe all C functions that are able to be used as language=internal
> need to explicitly check nargs at the top of the function?

Yes, all C functions suffer from such a potential risk, not only language=internal.
So limiting the creation of functions with language=internal is not enough.

Jet
Halo Tech
