while doing a security review of chromium's implementation of HTML5 DBs, chris noted that some sqlite functions are potential security risks. thus, we would like to blacklist them (or rather, have a list of whitelisted functions). currently, WebCore's sqlite authorizer allows all functions, but has a FIXME comment that wonders what the right thing to do is (WebCore/storage/DatabaseAuthorizer.cpp:281).
here are the functions we'd like to whitelist:

- http://www.sqlite.org/lang_corefunc.html: all of them, except load_extension(), random() and randomblob() (once we fix some layout tests that currently use randomblob()).
- http://www.sqlite.org/lang_datefunc.html: all of them
- http://www.sqlite.org/lang_aggfunc.html: all of them

in addition to these standard functions, we'd like to whitelist some functions from a few extensions chromium uses:

- full text search (fts2.c): whitelist snippet(), offsets(), optimize(), but not fts2_tokenizer().
- unicode data (icu.c): whitelist regexp(), lower(), upper(), like(), but not icu_load_collation().

any objection?

thanks,
dumi
_______________________________________________
webkit-dev mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
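The authorizer approach the mail proposes, as an added example that is not WebKit's DatabaseAuthorizer code or part of the original message: a whitelist of function names consulted from an sqlite3_set_authorizer callback on the SQLITE_FUNCTION action, shown through Python's standard sqlite3 binding. The function sets are an assumed transcription of the linked documentation pages and should be checked against the SQLite build in use; the fts2/icu names only resolve when those extensions are compiled in.

```python
import sqlite3

# Assumed transcription of http://www.sqlite.org/lang_corefunc.html, minus the
# three the proposal excludes: load_extension(), random(), randomblob().
CORE_FUNCTIONS = {
    "abs", "coalesce", "glob", "ifnull", "hex", "last_insert_rowid", "length",
    "like", "lower", "ltrim", "max", "min", "nullif", "quote", "replace",
    "round", "rtrim", "soundex", "sqlite_version", "substr", "total_changes",
    "trim", "typeof", "upper", "zeroblob",
}
# lang_datefunc.html and lang_aggfunc.html: all of them.
DATE_FUNCTIONS = {"date", "time", "datetime", "julianday", "strftime"}
AGGREGATE_FUNCTIONS = {"avg", "count", "group_concat", "max", "min", "sum", "total"}
# Extension functions named in the proposal (fts2 and icu); fts2_tokenizer() and
# icu_load_collation() are simply absent. lower/upper/like are already listed above.
EXTENSION_FUNCTIONS = {"snippet", "offsets", "optimize", "regexp"}

ALLOWED_FUNCTIONS = CORE_FUNCTIONS | DATE_FUNCTIONS | AGGREGATE_FUNCTIONS | EXTENSION_FUNCTIONS

def function_allowed(name):
    """Whitelist lookup; SQLite function names are case-insensitive."""
    return name.lower() in ALLOWED_FUNCTIONS

def authorizer(action, arg1, arg2, db_name, trigger_or_view):
    """Called by SQLite while preparing each statement. For SQLITE_FUNCTION,
    arg2 is the function name. Every other action (SQLITE_READ, SQLITE_INSERT,
    ...) is passed through here; a production authorizer restricts those too."""
    if action == sqlite3.SQLITE_FUNCTION:
        return sqlite3.SQLITE_OK if function_allowed(arg2) else sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK

def open_restricted_db():
    """In-memory database with the whitelist authorizer installed."""
    conn = sqlite3.connect(":memory:")
    conn.set_authorizer(authorizer)
    return conn

def statement_permitted(conn, sql):
    """True if the statement prepares and runs; False if the authorizer refuses
    it (SQLite reports 'not authorized' at prepare time, before execution)."""
    try:
        conn.execute(sql).fetchall()
        return True
    except sqlite3.DatabaseError:
        return False

if __name__ == "__main__":
    db = open_restricted_db()
    for sql in ("SELECT upper('ok'), abs(-3)", "SELECT random()", "SELECT load_extension('x')"):
        print(sql, "->", "allowed" if statement_permitted(db, sql) else "denied")
```

Because the check happens when the statement is prepared, a denied function never executes, which is the property wanted for script-controlled SQL.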

