Re: [GENERAL] Security implications of (plpgsql) functions

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: [GENERAL] Security implications of (plpgsql) functions
Дата
Msg-id 200210211551.g9LFp5W25783@candle.pha.pa.us
обсуждение исходный текст
Ответы Re: [GENERAL] Security implications of (plpgsql) functions
Список pgsql-hackers
Дерево обсуждения 
[ Thread moved to hackers.]

Crash reproduced here.

My guess is that you are recursing and crashing the backend, which then
forces the other backends to reset. I think we need to fix this by
either setting a limit in the amount of function recursion, or allowing
only the offending backend to crash without forcing all the other
backends to crash.

---------------------------------------------------------------------------

Marcin Owsiany wrote:
> CREATE FUNCTION "x" (integer) RETURNS integer AS '
> BEGIN
>     RETURN x(0);
> END' LANGUAGE 'plpgsql' WITH ( isstrict );
> SELECT x(0);
> server closed the connection unexpectedly
>         This probably means the server terminated abnormally
>         before or while processing the request.
> The connection to the server was lost. Attempting reset: Failed.
> !>
> 
> The log says:
>  DEBUG:  server process (pid 3550) was terminated by signal 11
>  DEBUG:  terminating any other active server processes
> 
> The thing that worries me most is the last message: postmaster terminates all
> other backends, therefore overflowing the stack via a plpgsql function can be
> used to DoS-attack the server.
> 
> Is there anything one (as a postgresql installation admin) can do?  Disabling
> procedural languages in databases of the users I don't trust comes to mind, but
> does it really make me safe? I mean: won't such attack still be possible with
> pure SQL?
> 
> regards,
> 
> Marcin
> -- 
> Marcin Owsiany <marcin@owsiany.pl>              http://marcin.owsiany.pl/
> GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
>  
> "Every program in development at MIT expands until it can read mail."
>                                                               -- Unknown
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073

В списке pgsql-hackers по дате отправления: