Jeff Janes wrote: > On Tue, Sep 20, 2016 at 12:19 AM, Michael Paquier <michael.paqu...@gmail.com > > wrote: > > > > > Note: the patch checks if a superuser is calling the new functions, > > which is a good thing. > > > > If we only have the bytea functions and the user needs to supply the raw > pages themselves, rather than having the function go get the raw page for > you, is there any reason to restrict the interpretation function to super > users? I guess if we don't trust the C coded functions not to dereference > bogus data in harmful ways?
Yeah, it'd likely be simple to manufacture a fake page that causes the server to misbehave resulting in a security leak or at least DoS. -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers