On 2016-04-26 22:59:44 -0400, Tom Lane wrote: > What's the argument that it makes debugging harder? Especially if > you aren't using it?
If you try to write a V1 function, but forget or mistype/rename the function in PG_FUNCTION_INFO_V1, you'll get crashes, at least if you're lucky. > I don't particularly buy the "easier exploitation" argument, either. > You can't create a C function without superuser, and if you've got > superuser there are plenty of ways to run arbitrary code. Without pl*u installed, I don't think any of them are as simple as calling system(). But yea, it's not a very high barrier. -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
