Re: master 3d38d1d: Add sqlite3 support to Emacs

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: master 3d38d1d: Add sqlite3 support to Emacs

From:	Eli Zaretskii
Subject:	Re: master 3d38d1d: Add sqlite3 support to Emacs
Date:	Wed, 15 Dec 2021 16:53:05 +0200

> From: Andy Moreton <andrewjmoreton@gmail.com>
> Date: Tue, 14 Dec 2021 23:41:14 +0000
> 
> I'm not at all expert on SQL matters - I read the sqlite documentation
> which points out that there are two ways to allow loading of sqlite
> extensions from C:
> 
> a) sqlite3_db_config(db,SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION,..)
>    - enables sqlite3_load_extension()
>    - does not enable SQL function "load_extension"
> 
> b) sqlite3_enable_load_extension()
>    - enables sqlite3_load_extension()
>    - ALSO enables SQL function "load_extension"
> 
> So if sqlite extensions are to be allowed in emacs, option (a) should be
> preferred. This is explicitly called out as a security issue in the docs.
> 
> Loading sqlite extensions should be disabled by default, and only be
> enabled by explicit user configuration.

But we don't call sqlite3_enable_load_extension, we call only
sqlite3_load_extension.  What does this mean for load_extension -- is
it enabled or disabled?

[Prev in Thread]

Current Thread

[Next in Thread]

Re: master 3d38d1d: Add sqlite3 support to Emacs, (continued)

Prev by Date: Re: move_it_vertically_backward question
Next by Date: Re: Contradictiory directions
Previous by thread: Re: master 3d38d1d: Add sqlite3 support to Emacs
Next by thread: Re: master 3d38d1d: Add sqlite3 support to Emacs
Index(es):
- Date
- Thread