[webkit-dev] Blacklisting some sqlite functions

Dumitru Daniliuc dumi at chromium.org
Wed Jan 6 14:55:54 PST 2010


while doing a security review of chromium's implementation of HTML5 DBs,
chris noted that some sqlite functions are potential security risks. thus,
we would like to blacklist them (or rather, have a list of whitelisted
functions). currently, WebCore's sqlite authorizer allows all functions, but
has a FIXME comment that wonders what the right thing to do is
(WebCore/storage/DatabaseAuthorizer.cpp:281).

here are the functions we'd like to whitelist:
http://www.sqlite.org/lang_corefunc.html: all of them, except
load_extension(), random() and randomblob() (once we fix some layout tests
that currently use randomblob()).
http://www.sqlite.org/lang_datefunc.html: all of them
http://www.sqlite.org/lang_aggfunc.html: all of them

in addition to these standard functions, we'd like to whitelist some
functions from a few extensions chromium uses:
full text search (fts2.c): whitelist snippet(), offsets(), optimize(), but
not fts2_tokenizer().
unicode data (icu.c): whitelist regexp(), lower(), upper(), like(), but not
icu_load_collation().

any objection?

thanks,
dumi
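As an added illustration (not code from this post or from WebCore), the allowlist policy described above expressed as an SQLite authorizer callback, written against Python's sqlite3 binding to the same sqlite3_set_authorizer() hook that WebCore's DatabaseAuthorizer sits on. The ALLOWED_FUNCTIONS set is an abbreviated stand-in for the full core, date and aggregate function lists linked in the mail, and the table and queries are constructed for the demo.

```python
import sqlite3

# Allowlist, not blocklist: anything absent here is refused at prepare time.
# Deliberately absent: load_extension, random, randomblob, fts2_tokenizer,
# icu_load_collation. The core list below is a subset (assumption for the demo).
ALLOWED_FUNCTIONS = frozenset({
    # lang_corefunc.html (subset)
    "abs", "coalesce", "glob", "hex", "ifnull", "length", "like", "lower",
    "ltrim", "max", "min", "nullif", "quote", "replace", "round", "rtrim",
    "substr", "trim", "typeof", "upper", "zeroblob",
    # lang_datefunc.html
    "date", "time", "datetime", "julianday", "strftime",
    # lang_aggfunc.html
    "avg", "count", "group_concat", "sum", "total",
    # fts2.c / icu.c functions named in the mail
    "snippet", "offsets", "optimize", "regexp",
})


def make_authorizer(denied_log):
    def authorizer(action, arg1, arg2, db_name, trigger_or_view):
        # Only function calls are policed here; SELECT/READ/INSERT etc. pass through.
        if action != sqlite3.SQLITE_FUNCTION:
            return sqlite3.SQLITE_OK
        name = (arg2 or "").lower()  # SQLite passes the registered function name here
        if name in ALLOWED_FUNCTIONS:
            return sqlite3.SQLITE_OK
        denied_log.append(name)
        return sqlite3.SQLITE_DENY  # statement fails to compile: "not authorized"
    return authorizer


def run_query(conn, sql):
    """Return ("ok", rows) or ("denied", error message)."""
    try:
        return "ok", conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        return "denied", str(exc)


def demo():
    denied = []
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes(id INTEGER PRIMARY KEY, body TEXT)")  # constructed data
    conn.execute("INSERT INTO notes(body) VALUES ('hello world'), ('second')")
    conn.set_authorizer(make_authorizer(denied))
    results = {
        "allowed_scalar": run_query(conn, "SELECT upper(body), length(body) FROM notes"),
        "allowed_agg": run_query(conn, "SELECT count(*), group_concat(body, '|') FROM notes"),
        "blocked_randomblob": run_query(conn, "SELECT hex(randomblob(8))"),
        "blocked_random": run_query(conn, "SELECT random()"),
    }
    conn.close()
    return results, denied
```

Because the check runs when the statement is compiled, a denied function name aborts the whole statement before any row is touched, which is the behaviour the authorizer FIXME in DatabaseAuthorizer.cpp leaves open.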

