Re: [HACKERS] [BUGS] Server crash while trying to read expression using pg_get_expr()

Heikki Linnakangas Wed, 09 Jun 2010 07:39:25 -0700

On 09/06/10 17:34, Tom Lane wrote:

Heikki Linnakangas<heikki.linnakan...@enterprisedb.com>  writes:

We have two options:

1. Make pg_get_expr() handle arbitrary (possibly even malicious) input
gracefully.

2. Restrict pg_get_expr() to superusers only.


I think #1 is a fool's errand.  There is far too much structure to a
node tree that is outside the scope of what readfuncs.c is capable of
understanding.

That's why I said that ruleutils.c will need to understand and complainabout the rest.


Are you thinking we should restrict pg_get_expr() to superusers then?

--
  Heikki Linnakangas
  EnterpriseDB   http://www.enterprisedb.com

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] [BUGS] Server crash while trying to read expression using pg_get_expr()

Reply via email to