| From: | Jet <zhangchenxi(at)halodbtech(dot)com> |
|---|---|
| To: | Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Potential security risk associated with function call |
| Date: | 2026-03-10 12:27:33 |
| Message-ID: | tencent_67A43A0A37B0AB350E39C64A@qq.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Correct. This is expected behaviour: the "internal" and "c" languages
> are not 'trusted' languages, and therefore only superusers can create
> functions using these languages.
Yes, you're right, only superusers can create "in.ternal" and "c" languages
> It is the explicit responsibility of
> the superuser to make sure the functions they create using untrusted
> languages are correct and execute safely when called by PostgreSQL.
But the question is how can a superuser know the "internal" and "c" functions
implementation details? He will not know whether the code has !PG_ARGISNULL(...),
and create a harmful function accidentally...
Jet
Halo Tech
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Junwang Zhao | 2026-03-10 12:28:47 | Re: Eliminating SPI / SQL from some RI triggers - take 3 |
| Previous Message | Kirill Reshke | 2026-03-10 12:26:30 | Re: SQL:2011 Application Time Update & Delete |