On Thu, 2008-07-31 at 09:39 +0100, Andrew Sullivan wrote:
> On Wed, Jul 30, 2008 at 06:07:53PM -0400, Alvaro Herrera wrote:
>
> > I do agree that creating base types should require a superuser though.
> > It too seems dangerous just on principle, even if today there's no
> > actual hole (that we
Kris Jurka <[EMAIL PROTECTED]> writes:
> On Wed, 30 Jul 2008, Alvaro Herrera wrote:
>> I do agree that creating base types should require a superuser though.
>> It too seems dangerous just on principle, even if today there's no
>> actual hole (that we already know of).
> pl/java already allows non
On Wed, 30 Jul 2008, Alvaro Herrera wrote:
I think being able to return cstring from a user defined function is
quite dangerous already. I doubt we would ever give that capability to
non-superusers.
I do agree that creating base types should require a superuser though.
It too seems dangerous
On Wed, Jul 30, 2008 at 06:07:53PM -0400, Alvaro Herrera wrote:
> I do agree that creating base types should require a superuser though.
> It too seems dangerous just on principle, even if today there's no
> actual hole (that we already know of).
I agree.
--
Andrew Sullivan
[EMAIL PROTECTED]
+1
Gregory Stark <[EMAIL PROTECTED]> writes:
> "Tom Lane" <[EMAIL PROTECTED]> writes:
>> Unless you're going to allow them to create new C functions, I'm not
>> clear on how much they're going to be able to change the semantics.
> Well there's plenty that can be done just using text or bytea as
> rep
Tom Lane wrote:
> If you're not clear on why CREATE TYPE in the hands of a bad guy is
> dangerous, here are a couple of reasons:
>
> * By specifying type representation details (len/byval/align) that are
> different from what the type's functions expect, you could trivially
> crash the backend, a
"Tom Lane" <[EMAIL PROTECTED]> writes:
>> As a consequence we could perhaps aim to make creating new types safe rather
>> than just deal with the fact that it's not safe currently? It would be nice if
>> non-superusers could create types which used an existing set of input/output
>> functions
Gregory Stark <[EMAIL PROTECTED]> writes:
> I know when I was first starting out it was a big source of frustration that
> you have to get those arguments right.. Until I figured out what they all
> meant and how to use them I was constantly crashing the server.
> It seems to me we should be able
"Tom Lane" <[EMAIL PROTECTED]> writes:
> If you're not clear on why CREATE TYPE in the hands of a bad guy is
> dangerous, here are a couple of reasons:
>
> * By specifying type representation details (len/byval/align) that are
> different from what the type's functions expect, you could trivially
Currently, you're allowed to create a new base type if you own the I/O
functions for it. That effectively restricts the command to superusers
anyway, since there's presently no way for a non-superuser to create
a function that would have the required signature. However that's a
fairly indirect pr
10 matches