On Sat, 2 Aug 2008, Tom Lane wrote:
> So what exactly does happen when the user deliberately specifies wrong
> typlen/typbyval/typalign info when creating a type based on PL/Java
> functions?
I have reviewed pljava's handling of misrepresented alignment, length, and
by value parameters
1) Alignment: pljava reads and writes data a byte at a time, so all types
effectively have char alignment. Reading an integer will read
four bytes out of memory and then put those together. Therefore the
alignment cannot be misspecified.
2) Length: For fixed length types, pljava correctly detects trying to
read or write too much data and not supplying enough data on write.
Pljava does not correctly handle variable length types. It should be
setting and reading the length header itself rather than leaving that up
to the user, but it is not.
3) By value: pljava does not correctly handle passed by value types
correctly, allowing access to random memory.
So yes, pljava has a security problem, but I still object to the statement
that no PL can do this securely. I will work on fixing pljava, but I
request the change for superuser requirement for type creation be
reverted. The fact that no PL currently does it correctly is not a reason
to prohibit a PL from doing it correctly.
Kris Jurka
