Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1teq5x-00FxC6-SG for pgsql-hackers@arkaria.postgresql.org; Mon, 03 Feb 2025 06:38:10 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1teq5w-00AqEp-Jl for pgsql-hackers@arkaria.postgresql.org; Mon, 03 Feb 2025 06:38:08 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1teq5w-00AqDe-9x for pgsql-hackers@lists.postgresql.org; Mon, 03 Feb 2025 06:38:08 +0000 Received: from mail.postgrespro.ru ([93.174.131.139]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1teq5t-002zSk-1X for pgsql-hackers@postgresql.org; Mon, 03 Feb 2025 06:38:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=postgrespro.ru; s=mx2023; t=1738564684; bh=jziB4ffEwG5SQgdK2MDwTmkAmb1772xcIa5dDRGQarE=; h=Date:From:To:Cc:Subject:In-Reply-To:References:Message-ID:From; b=b+Z+CrOK8UyKouhAd2JPNdxciI4eq2lEFght6NqkVFYHdba+8v4//tnoDN/zK/gsE MIZ2aPN8AEdNybkpx3ldLhQMtGPE9vHIzjTzreJXlnQAoB4UHKmdLxpLNgXw3X9GYz z+do4cOQyidKRG2BlZ8Y+TW5NVcn5nUBXpQtFKLeXdMcoXInJ4hnn6p1PDFD2o5O00 vaFiei/Gbdf9zyYww5nqxOcBdGFQYcI6xWoN6FIbSDrsSZdB1fFxkfIoUxLzHYZgaw Ts9lsrA7QZT7zZwXawS+Tc5m5lvmNDNKND7EWMhRjD6uBy6AuG8EnmyQDVsRtr+9ap KzS6yKu7e6yeA== Received: from mail.postgrespro.ru (webmail-slave-mstn.l.postgrespro.ru [192.168.2.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: v.popolitov@postgrespro.ru) by mail.postgrespro.ru (Postfix/587) with ESMTPSA id 9C41D60464; Mon, 3 Feb 2025 09:38:04 +0300 (MSK) MIME-Version: 1.0 Date: Mon, 03 Feb 2025 13:38:04 +0700 From: Vladlen Popolitov To: Sutou Kouhei Cc: sawada.mshk@gmail.com, zhjwpku@gmail.com, michael@paquier.xyz, pgsql-hackers@postgresql.org Subject: Re: Make COPY format extendable: Extract COPY TO format implementations In-Reply-To: <20250201.191201.966818981739331450.kou@clear-code.com> References: <20250201.081023.1138852014934985490.kou@clear-code.com> <20250201.191201.966818981739331450.kou@clear-code.com> Message-ID: X-Sender: v.popolitov@postgrespro.ru Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-KSMG-AntiPhishing: NotDetected X-KSMG-AntiSpam-Interceptor-Info: not scanned X-KSMG-AntiSpam-Status: not scanned, disabled by settings X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 2.1.0.7854, bases: 2025/02/03 03:45:00 #27199584 X-KSMG-AntiVirus-Status: NotDetected, skipped X-KSMG-LinksScanning: not scanned, disabled by settings X-KSMG-Message-Action: skipped X-KSMG-Rule-ID: 1 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Sutou Kouhei писал(а) 2025-02-01 17:12: > Hi, > Hi I would like to inform about the security breach in your design of COPY TO/FROM. You use FORMAT option to add new formats, filling it with routine name in shared library. As result any caller can call any routine in PostgreSQL kernel. I think, it will start competition, who can find most dangerous routine to call just from COPY FROM command. Standard PostgreSQL realisation for new methods to use USING keyword. Every new method could have own options (FORMAT is option of internal 'copy from/to' methods), it assumes some SetOptions interface, that defines an options structure according to the new method requirements. I agree with the general direction of the extensibility, but it should be secure and consistent. -- Best regards, Vladlen Popolitov.