Date: Mon, 17 Dec 2018 13:44:16 -0500 From: "Cameron, Frank J" <cameron@ctc.com> To: freebsd-security@freebsd.org Subject: Re: SQLite vulnerability Message-ID: <20181217184416.GL10650@linux116.ctc.com> In-Reply-To: <13776b0f-8c74-341f-5fda-42ddd9624635@gmail.com> References: <20181217120937.GC78044@smtp.iq.pl> <20181217141432.GJ10650@linux116.ctc.com> <13776b0f-8c74-341f-5fda-42ddd9624635@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 17, 2018 at 10:02:36AM -0800, Hugh LaMaster wrote: > On 12/17/18 6:14 AM, Cameron, Frank J wrote: > > 'The new SQLITE_DBCONFIG_DEFENSIVE features is more of a > > defense-in-depth, designed to head off future vulnerabilities by > > making shadow-tables read-only to ordinary SQL, along with some > > other restrictions. ... > > Just a random thought, but, why not turn on "SQLITE_DBCONFIG_DEFENSIVE" > for both base and ports by default, and, let people who need performance > turn it off manually by choice? > > I'm always in favor of turning on useful security, and, letting people > who need the extra performance turn off certain features manually > and consciously. I haven't seen anything to indicate that there's a performance difference with enabling the defensive flag, but an application that expected to be able to write to the shadow tables[*] would, I assume, crash if the the option was enabled. Upstream will not enable this mode by default: Shadow tables are read/write by default. Shadow tables only become read-only when the SQLITE_DBCONFIG_DEFENSIVE flag is set using sqlite3_db_config(). Shadow tables need to be read/write by default in order to maintain backwards compatibility. For example, the SQL text generated by the .dump command of the CLI writes directly into shadow tables. https://www.sqlite.org/vtab.html#xshadowname (FreshPorts lists close to 400 ports that depend on the sqlite3 port.) [*] When the defensive flag is enabled... The disabled features include but are not limited to the following: * The PRAGMA writable_schema=ON statement. * Writes to the sqlite_dbpage virtual table. * Direct writes to shadow tables. https://sqlite.org/c3ref/c_dbconfig_defensive.html ----------------------------------------------------------------- This message and any files transmitted within are intended solely for the addressee or its representative and may contain company proprietary information. If you are not the intended recipient, notify the sender immediately and delete this message. Publication, reproduction, forwarding, or content disclosure is prohibited without the consent of the original sender and may be unlawful. Concurrent Technologies Corporation and its Affiliates. www.ctc.com 1-800-282-4392 -----------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20181217184416.GL10650>