Peter, > On 8/3/17, 8:27 AM, "sqlite-users on behalf of Ulrich Telle" wrote: > > I really don't think that the latter is true. To overcome the restriction > > is extremly simple, if you don't care about memory leaks. Just do [...] > > If you’re creating a malicious extension, sure. But if you’re creating > an exploit this seems like an odd way to go about it. It’d be simpler > to implement something like “SELECT root_shell_on_port(1337);”
I have no intention at all to create malicious extensions. I just develop and maintain a SQLite wrapper and stumbled across this restriction with static pointer type strings, when I started to add support for the new pointer-passing interface and tested it with the carray extension. In the meantime I already managed to adjust my wrapper to get along with the restriction. Nevertheless, I think the pointer type string restriction gives a false sense of security. Regards, Ulrich _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
