Tom Lane wrote: > If you're not clear on why CREATE TYPE in the hands of a bad guy is > dangerous, here are a couple of reasons: > > * By specifying type representation details (len/byval/align) that are > different from what the type's functions expect, you could trivially > crash the backend, and less trivially use a pass-by-reference I/O > function to read out the contents of backend memory.
I think being able to return cstring from a user defined function is quite dangerous already. I doubt we would ever give that capability to non-superusers. I do agree that creating base types should require a superuser though. It too seems dangerous just on principle, even if today there's no actual hole (that we already know of). -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
