On Fri, 4 Aug 2017, Dominique Devienne wrote:

> I really don't see what's controversial with Matt's request :)
>
> It's not like load-extension is a performance-critical operation, that
> trying an extra load is that expensive.
> And the security consideration that an "attacker" could make it load his
> own library instead, but using a
> different name tried before the actual one is moot IMHO, since extension
> loading is by nature unsafe.
>
> In short, I support Matt's request and I hope DRH considers it seriously.
> FWIW :). --DD

It is true that sqlite normally only needs to load an extension once per invocation. However, loading an extension incurs a cost in that several/many 'stat' operations on the filesystem are necessary in order to find the module unless the full path to it was given (use 'strace', 'truss', or 'dtruss' to see this in action). The security implications can be severe on some popular operating systems.

As I mentioned before, two very popular desktop OSs (Microsoft Windows and Apple's OS X) have a defined pattern in that they will search the current directory for a module by default. Hopefully it should sink in that if one requests loading the extension while the process current directory is currently in a potentially 'hostile' directory that this may lead to the compromise of the account of the user ID executing sqlite because arbitrary binary code can be injected.

Lazy programmers who request such things are of the same ilk which use programming practices resulting in SQL injection attacks. Sqlite should not promote such practices.

Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
sqlite-users mailing list
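
The concern raised in this message, that a bare extension name can be resolved from a directory someone else controls, can be checked before the loader is ever called. The following is an added example, not part of the original thread or of SQLite; the helper names `node_problem`, `vet_extension_path` and `load_vetted_extension` are hypothetical, and it assumes a POSIX system and a Python `sqlite3` build with extension loading enabled.

```python
import os
import stat

def node_problem(path, trusted_uids):
    """Return a reason string if an untrusted user can modify `path`, else None."""
    st = os.stat(path)
    if st.st_uid not in trusted_uids:
        return f"{path} is owned by untrusted uid {st.st_uid}"
    others_can_write = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    # A sticky directory (such as /tmp) stops other users replacing our entries.
    sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
    if others_can_write and not sticky_dir:
        return f"{path} is group- or world-writable"
    return None

def vet_extension_path(path, trusted_uids=None):
    """Return the canonical path to hand to the loader, or raise ValueError."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}  # assumption: root and the caller are trusted
    # A bare or relative name makes the OS loader search for the module,
    # on some platforms starting in the process's current directory.
    if not os.path.isabs(path):
        raise ValueError(f"refusing non-absolute extension path: {path!r}")
    real = os.path.realpath(path)  # vet what the symlinks resolve to
    if not os.path.isfile(real):
        raise ValueError(f"{real} is not a regular file")
    node = real
    while True:  # the file itself, then every ancestor directory up to the root
        problem = node_problem(node, trusted_uids)
        if problem:
            raise ValueError(problem)
        parent = os.path.dirname(node)
        if parent == node:
            return real
        node = parent

def load_vetted_extension(conn, path):
    """Load an extension into an sqlite3 connection only after vetting its path."""
    real = vet_extension_path(path)
    conn.enable_load_extension(True)
    try:
        conn.load_extension(real)
    finally:
        conn.enable_load_extension(False)  # do not leave loading switched on
```

Passing the resolved absolute path also avoids the repeated filesystem lookups mentioned above, since the loader has nothing left to search for.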
