From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: master 3d38d1d: Add sqlite3 support to Emacs Date: Wed, 15 Dec 2021 16:53:05 +0200 Message-ID: <83lf0lj4xa.fsf@gnu.org> References: <20211211035614.15517.53830@vcs0.savannah.gnu.org> <20211211035616.984DD20A0A@vcs0.savannah.gnu.org> <87ee6j4ty4.fsf@yahoo.com> <8735mz4o70.fsf@yahoo.com> <83k0gbr0dm.fsf@gnu.org> <87y24r33bn.fsf@yahoo.com> <87ilvu1ldh.fsf@yahoo.com> <87a6h5tap6.fsf@gnus.org> <87tufbu7jg.fsf@yahoo.com> <87y24nr6nk.fsf@gnus.org> <87lf0ntz0t.fsf@yahoo.com> <87pmpzr3jz.fsf@gnus.org> <87h7bbtukz.fsf@yahoo.com> <87h7bbqy5o.fsf@gnus.org> <83fsqvl48w.fsf@gnu.org> <878rwnqqd9.fsf@gnus.org> <838rwnl31m.fsf@gnu.org> <868rwmrbz9.fsf@gmail.com> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="34943"; mail-complaints-to="usenet@ciao.gmane.io" Cc: emacs-devel@gnu.org To: Andy Moreton Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Wed Dec 15 16:19:55 2021 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mxW4R-0008zR-B8 for ged-emacs-devel@m.gmane-mx.org; Wed, 15 Dec 2021 16:19:55 +0100 Original-Received: from localhost ([::1]:37966 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mxW4Q-0001Qa-9R for ged-emacs-devel@m.gmane-mx.org; Wed, 15 Dec 2021 10:19:54 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:58118) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mxVen-00036Y-PF for emacs-devel@gnu.org; Wed, 15 Dec 2021 09:53:25 -0500 Original-Received: from [2001:470:142:3::e] (port=52436 helo=fencepost.gnu.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mxVen-000488-FS; Wed, 15 Dec 2021 09:53:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=TcayDN1GZwmzlKgqok11pDXGSqBhDgSg+neCKzyjDEE=; b=EmkzcHdgDo7t 30L1tf20R8bCfEsEIHKlBSgUG8QZyNEv+K4jqQe6PufS93zLT6gsWUkJ5PdZHcwyTnO4or5zzz8O+ A27fTSDuZrQCNZg+KkaWCqkIv383oa073NSz5c5wuI5zZkePxaTxPyoTYoS8Of3xO7RSV9m0tqHXO YZwSHe8KZZIjX9RgI1R5gK4W2LgzhKTMy6e5bNkxsmSzAPXP4C6K1YqHh1L1ge16M/EfZ6RSqb+fq 21SuzcHRcMx0cBssnHjIizLeNaDJJaxO322eJf5MMmDHsiZwuVcS3orU4Aty++1El2ubEBzZ1xaY2 Fr6w6n4Z3Dgfy11tuMSn6w==; Original-Received: from [87.69.77.57] (port=3396 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mxVen-0008PR-B4; Wed, 15 Dec 2021 09:53:25 -0500 In-Reply-To: <868rwmrbz9.fsf@gmail.com> (message from Andy Moreton on Tue, 14 Dec 2021 23:41:14 +0000) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:282054 Archived-At: > From: Andy Moreton > Date: Tue, 14 Dec 2021 23:41:14 +0000 > > I'm not at all expert on SQL matters - I read the sqlite documentation > which points out that there are two ways to allow loading of sqlite > extensions from C: > > a) sqlite3_db_config(db,SQLITE_DBCONFIG_ENABLE_LOAD_EXTENSION,..) > - enables sqlite3_load_extension() > - does not enable SQL function "load_extension" > > b) sqlite3_enable_load_extension() > - enables sqlite3_load_extension() > - ALSO enables SQL function "load_extension" > > So if sqlite extensions are to be allowed in emacs, option (a) should be > preferred. This is explicitly called out as a security issue in the docs. > > Loading sqlite extensions should be disabled by default, and only be > enabled by explicit user configuration. But we don't call sqlite3_enable_load_extension, we call only sqlite3_load_extension. What does this mean for load_extension -- is it enabled or disabled?