On Tuesday, 21 January, 2020 05:28, Richard Hipp <d...@sqlite.org> wrote:

>On 1/21/20, Keith Medcalf <kmedc...@dessus.com> wrote:

>> Richard,
>>
>> The TRUSTED_SCHEMA setting works really well but I have noticed one
>> problem (there may be more, but I haven't run across any yet) with 
>> it that is perhaps easy to address, though it needs to be done 
>> properly.  That is perhaps adding an innocuous flag to pragma 
>> definitions in mkpragmatab.tcl so that it can be carried though 
>> into the vtable code that handles pragma_<pragma_name> xConnect 
>> method.
>>
>> This would permit pragma's such as table_info (for example) to be
>> marked as innocuous so that pragma_table_info could be used in a 
>> view even when the schema is untrusted.

> That would potentially leak information about the schemas of other
> attached database files.  It seems like a harmless information leak,
> but it is a leak nevertheless.
>
> If you are setting untrusted schema (as you probably should) but you
> need to use pragma virtual tables inside of triggers and views,
> consider putting them inside TEMP triggers and views.  TEMP triggers
> and views, because they must originate in the application itself, are
> always trusted.

Done, tested, and putting those views in temp works just fine.

And yes, I agree that not marking the pragma vtabs as innocuous is the right 
thing.

-- 
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.



_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Reply via email to