SQLite Forum

Is it possible to restrict VACUUM INTO?
Login

Is it possible to restrict VACUUM INTO?

(1) By anonymous on 2021-11-19 12:48:56 [link] [source]

Is it possible to restrict VACUUM INTO 'somefile' the same way as, or similar to, using sqlite3_set_authorizer() to restrict other actions?

The motivation is to add some protection against creation of files at arbitrary locations through application-level SQL.

Thanks.

(2) By Richard Hipp (drh) on 2021-11-19 13:16:15 in reply to 1 [source]

You can add an sqlite3_set_authorizer() restriction on the ATTACH command that causes it to fail.

VACUUM INTO is really something of a "meta" command. It works by using SQLite APIs recursively. It first runs "ATTACH" to create the new output database. Then it does a bunch of "CREATE" and "INSERT" commands on that attached database to perform the transfer, followed by a "DETACH" at the end. So if you block the initial ATTACH, you effectively prevent VACUUM INTO from running.

The sqlite3_set_authorizer() has the full name of the file being attached, so you can selectively block ATTACH (and hence VACUUM INTO). In this way, you could make it so that VACUUM INTO only works for output files in some limited subset of the filesystem namespace.