diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2009-09-03 22:11:07 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2009-09-03 22:11:07 +0000 |
| commit | 602a9ef5a7c60151e10293ae3c4bb3fbb0132d03 (patch) | |
| tree | 24ab2e6dfb25ef317f3836c8ab5f9f4617763586 /src/backend/utils | |
| parent | 187e5d8981210c00f7f824de4926d036006d5b02 (diff) | |
| download | postgresql-602a9ef5a7c60151e10293ae3c4bb3fbb0132d03.tar.gz postgresql-602a9ef5a7c60151e10293ae3c4bb3fbb0132d03.zip | |
Make LOAD of an already-loaded library into a no-op, instead of attempting
to unload and re-load the library.
The difficulty with unloading a library is that we haven't defined safe
protocols for doing so. In particular, there's no safe mechanism for
getting out of a "hook" function pointer unless libraries are unloaded
in reverse order of loading. And there's no mechanism at all for undefining
a custom GUC variable, so GUC would be left with a pointer to an old value
that might or might not still be valid, and very possibly wouldn't be in
the same place anymore.
While the unload and reload behavior had some usefulness in easing
development of new loadable libraries, it's of no use whatever to normal
users, so just disabling it isn't giving up that much. Someday we might
care to expend the effort to develop safe unload protocols; but even if
we did, there'd be little certainty that every third-party loadable module
was following them, so some security restrictions would still be needed.
Back-patch to 8.2; before that, LOAD was superuser-only anyway.
Security: unprivileged users could crash backend. CVE not assigned yet
Diffstat (limited to 'src/backend/utils')
| -rw-r--r-- | src/backend/utils/fmgr/dfmgr.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/backend/utils/fmgr/dfmgr.c b/src/backend/utils/fmgr/dfmgr.c index 8b819df279c..ef728dc3e85 100644 --- a/src/backend/utils/fmgr/dfmgr.c +++ b/src/backend/utils/fmgr/dfmgr.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/fmgr/dfmgr.c,v 1.99 2009/06/11 14:49:05 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/utils/fmgr/dfmgr.c,v 1.100 2009/09/03 22:11:07 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -385,10 +385,17 @@ incompatible_module_error(const char *libname, * Unload the specified dynamic-link library file, if it is loaded. * * Note: libname is expected to be an exact name for the library file. + * + * XXX for the moment, this is disabled, resulting in LOAD of an already-loaded + * library always being a no-op. We might re-enable it someday if we can + * convince ourselves we have safe protocols for un-hooking from hook function + * pointers, releasing custom GUC variables, and perhaps other things that + * are definitely unsafe currently. */ static void internal_unload_library(const char *libname) { +#ifdef NOT_USED DynamicFileList *file_scanner, *prv, *nxt; @@ -436,6 +443,7 @@ internal_unload_library(const char *libname) else prv = file_scanner; } +#endif /* NOT_USED */ } static bool |