>>>>> "Tom" == Tom Lane <[EMAIL PROTECTED]> writes:

 >> Tom, could you please elaborate where you see a security hole?

 Tom> The problem that we've seen in the past shows up when the user
 Tom> lies in the CREATE TYPE command, specifying type representation
 Tom> properties that are different from what the underlying functions
 Tom> expect.  In particular, if it's possible to pass a pass-by-value
 Tom> integer to a function that's expecting a pass-by-reference
 Tom> datum, you can misuse the function to access backend memory.

It strikes me that type output functions are routinely invoked by
superusers (e.g. during pg_dump), and therefore if a non-superuser can
create a type, that seems to imply that there's no way for a superuser
to safely examine or dump the content of the database without risking
the execution of untrusted code, correct?

-- 
Andrew (irc:RhodiumToad)

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
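
Added example, not part of the original message or of PostgreSQL itself: a catalog audit query for the concern raised above, listing base types that a non-superuser owns together with the representation each declares and the output function it would invoke. It assumes a PostgreSQL version whose pg_type has typcategory, and the representation_conflict flag is a heuristic for review, not proof of a mismatch.

```sql
-- Added audit example. Run as a role that can read the system catalogs.
WITH base_types AS (
    SELECT t.oid            AS type_oid,
           n.nspname        AS schema_name,
           t.typname        AS type_name,
           r.rolname        AS owner_name,
           r.rolsuper       AS owner_is_superuser,
           t.typbyval       AS declared_by_value,  -- true = pass-by-value
           t.typlen         AS declared_length,    -- -1 varlena, -2 cstring
           t.typoutput::oid AS output_fn
    FROM pg_catalog.pg_type t
    JOIN pg_catalog.pg_namespace n ON n.oid = t.typnamespace
    JOIN pg_catalog.pg_roles r     ON r.oid = t.typowner
    WHERE t.typtype = 'b'           -- base types: the kind CREATE TYPE
      AND t.typcategory <> 'A'      -- declares with I/O functions; skip arrays
),
conflicts AS (
    -- Two types that share one output function but declare different
    -- by-value/length properties cannot both match what it expects.
    SELECT DISTINCT a.type_oid
    FROM base_types a
    JOIN base_types b
      ON b.output_fn = a.output_fn
     AND b.type_oid <> a.type_oid
     AND (b.declared_by_value <> a.declared_by_value
          OR b.declared_length <> a.declared_length)
)
SELECT bt.schema_name,
       bt.type_name,
       bt.owner_name,
       bt.owner_is_superuser,
       bt.declared_by_value,
       bt.declared_length,
       p.proname           AS output_function,
       l.lanname           AS output_language,
       (c.type_oid IS NOT NULL) AS representation_conflict
FROM base_types bt
JOIN pg_catalog.pg_proc p     ON p.oid = bt.output_fn
JOIN pg_catalog.pg_language l ON l.oid = p.prolang
LEFT JOIN conflicts c         ON c.type_oid = bt.type_oid
WHERE NOT bt.owner_is_superuser     -- types a superuser's dump would trust
   OR c.type_oid IS NOT NULL
ORDER BY bt.owner_is_superuser, bt.schema_name, bt.type_name;
```

An empty result means every base type is superuser-owned and no shared output function is declared with two different representations.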
