On Fri, Apr 30, 2021 at 12:57 PM Tom Lane wrote:
> By my count, we have three votes for forbidding procedure calls via
> fastpath in all branches (me, Joe, Michael), and two for doing
> something laxer (Noah, Laurenz). The former is surely the safer
> choice, so I'm going to go do that.
FWIW, I'
Michael Paquier writes:
> On Tue, Mar 09, 2021 at 02:33:47PM -0500, Joe Conway wrote:
>> My vote would be reject using fastpath for procedures in all relevant
>> branches.
>> If someday someone cares enough to make it work, it is a new feature for a new
>> major release.
> FWIW, my vote woul
On Tue, Mar 09, 2021 at 02:33:47PM -0500, Joe Conway wrote:
> My vote would be reject using fastpath for procedures in all relevant
> branches.
> If someday someone cares enough to make it work, it is a new feature for a new
> major release.
FWIW, my vote would go for issuing an error if attempti
On Wed, Mar 10, 2021 at 10:03:24AM +0100, Laurenz Albe wrote:
> On Tue, 2021-03-09 at 14:15 -0500, Tom Lane wrote:
> > As for procedures, I'm of the opinion that we should just reject those
> > too, but some other security team members were not happy with that
> > idea. Conceivably we could attemp
On Tue, 2021-03-09 at 14:15 -0500, Tom Lane wrote:
> The security team received a report from Theodor-Arsenij
> Larionov-Trichkin of PostgresPro that it's possible to crash the
> backend with an assertion or null-pointer dereference by trying to
> call a window function via the "fast path function
On 3/9/21 2:15 PM, Tom Lane wrote:
> So the question on the table is what to do about this. As far as
> window functions go, it seems clear that fastpath.c should just reject
> any attempt to call a window function that way (or an aggregate for
> that matter; aggregates fail already, but with rela
The security team received a report from Theodor-Arsenij
Larionov-Trichkin of PostgresPro that it's possible to crash the
backend with an assertion or null-pointer dereference by trying to
call a window function via the "fast path function call" protocol
message. fastpath.c doesn't set up any Wind