Andrew Dunstan <[EMAIL PROTECTED]> writes: > The question in my mind is "What are we protecting against?" ISTM it is > the use of the pl as a vector to attack the machine and postgres. Does a > segfault come into that category? After all, isn't it one of postgres's > strengths that we can survive individual backends crashing?
Yeah, but a repeatable segfault certainly is an adequate tool for a denial-of-service attack, since it takes out everyone else's sessions along with your own. A possibly larger objection is how sure can you be that the effects will *only* be a segfault, and not say the ability to execute some user-injected machine code. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly