Re: [GENERAL] Security implications of (plpgsql) functions

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Marcin Owsiany <marcin@owsiany.pl>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2002-10-21T16:02:42Z
Lists: pgsql-hackers, pgsql-general
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Crash reproduced here.

FWIW, I got a regular "out of memory" elog.  But I can see that this
would depend on the relative sizes of data limit and stack limit on
a particular platform.

> I think we need to fix this by
> either setting a limit in the amount of function recursion, or allowing
> only the offending backend to crash without forcing all the other
> backends to crash.

Unless you can think of a way to distinguish stack overflow from other
kinds of SIGSEGV, I don't think we can avoid a system-wide restart.
Reducing stack overflow to a plain elog(ERROR) would be really nice,
but how?

A depth limit for PL-function recursion is perhaps feasible, but I can't
say that I care for it a whole lot ... anyone have better ideas?

			regards, tom lane