X-Original-To: pgsql-docs@postgresql.org Received: from sss.pgh.pa.us (unknown [192.204.191.242]) by postgresql.org (Postfix) with ESMTP id E9D4647651B for ; Thu, 6 Mar 2003 18:19:28 -0500 (EST) Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1]) by sss.pgh.pa.us (8.12.8/8.12.8) with ESMTP id h26NJRx6025948; Thu, 6 Mar 2003 18:19:27 -0500 (EST) To: Peter Eisentraut Cc: pgsql-docs@postgresql.org Subject: Re: Fast-Path documentation In-reply-to: References: Comments: In-reply-to Peter Eisentraut message dated "Wed, 05 Mar 2003 18:13:17 +0100" Date: Thu, 06 Mar 2003 18:19:27 -0500 Message-ID: <25947.1046992767@sss.pgh.pa.us> From: Tom Lane X-Archive-Number: 200303/13 X-Sequence-Number: 1691 Peter Eisentraut writes: > The libpq documentation contains this: > """ > PostgreSQL provides a fast-path interface to > send function calls to the backend. This is a trapdoor into system > internals and can be a potential security hole. Most users will not need > this feature. > """ > Why and under what circumstances is this a security hole, and what is a > user to do about it? The security problem is that the frontend feeds raw internal-format data to the backend. While this is relatively harmless for datatypes with no internal structure, it'd be pretty easy to crash the backend by feeding in a misconstructed polygon, for example. There was some discussion of this in pgsql-interfaces awhile back, see http://archives.postgresql.org/pgsql-interfaces/2003-01/msg00000.php There are a bunch of other problems with the fast-path protocol; see comments in src/backend/tcop/fastpath.c. I consider redesigning it to be one of the "must do" topics for the long-threatened protocol revision. regards, tom lane