On 1/3/20 8:35 AM, Paul Menzel via blfs-dev wrote:
Dear Beyond Linux From Scratch folks,


The configuration instructions for SQLite [1] still enable the two-argument
version of the fts3_tokenizer() interface.

     -DSQLITE_ENABLE_FTS3_TOKENIZER=1

The command explanations do not contain that.

CFLAGS="-g -O2 -DSQLITE_ENABLE_FTS3=1 -DSQLITE_ENABLE_FTS4=1
-DSQLITE_ENABLE_COLUMN_METADATA=1 -DSQLITE_SECURE_DELETE
-DSQLITE_ENABLE_UNLOCK_NOTIFY=1 -DSQLITE_ENABLE_DBSTAT_VTAB=1":
Applications such as Firefox require secure delete and enable unlock
notify to be turned on. Since firefox-41 the dbstat virtual table and
FTS3/4 are also required. The only way to do this is to include them
in the CFLAGS. By default, these are set to "-g -O2" so we specify
that to preserve those settings. You may, of course, wish to omit the
'-g' if you do not wish to create debugging information. For further
information on what can be specified see
http://www.sqlite.org/compile.html.

So, I wonder if that is an oversight, as the SQLite upstream say there are
security concerns.

SQLITE_ENABLE_FTS3_TOKENIZER

This option enables the two-argument version of the fts3_tokenizer()
interface. The second argument to fts3_tokenizer() is supposed to be
a pointer to a function (encoded as a BLOB) that implements an
application defined tokenizer. If hostile actors are able to run the
two-argument version of fts3_tokenizer() with an arbitrary second
argument, they could crash or take control of the process.

Because of security concerns, the two-argument fts3_tokenizer()
feature was disabled beginning with Version 3.11.0 (2016-02-15)
unless this compile-time option is used. Version 3.12.0 (2016-03-29)
added the
sqlite3_db_config(db,SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER,1,0)
interface that activates the two-argument version of
fts3_tokenizer() for a specific database connection at run-time.

Kind regards,

Paul


Hi Paul,

This isn't due to an oversight. In 2016, a ticket was filed named "sqlite-3.11.0 causes error in Thunderbird search" (Ticket #7991). In order to get search to work again, we had to add -DSQLITE3_ENABLE_FTS3_TOKENISER=1 to the sqlite CFLAGS. That option became required around Thunderbird-52.5.0. I'll update the command explanations to match that though.
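
An added example, not part of either message or of the BLFS book: a Python check of which of the CFLAGS options discussed above the linked SQLite library was built with, plus a per-connection switch-off of the two-argument fts3_tokenizer() through the SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER setting quoted from the SQLite documentation. The helper names are hypothetical, and it assumes an application that does not itself need the two-argument form.

```python
import sqlite3

# CFLAGS options quoted in the thread, without the SQLITE_ prefix
# (PRAGMA compile_options reports them that way).
BLFS_FLAGS = ("ENABLE_FTS3", "ENABLE_FTS4", "ENABLE_COLUMN_METADATA",
              "SECURE_DELETE", "ENABLE_UNLOCK_NOTIFY", "ENABLE_DBSTAT_VTAB",
              "ENABLE_FTS3_TOKENIZER")
RISKY = "ENABLE_FTS3_TOKENIZER"


def normalise(options):
    """Strip an optional SQLITE_ prefix and any =value suffix."""
    names = set()
    for opt in options:
        name = opt.split("=", 1)[0].strip()
        if name.startswith("SQLITE_"):
            name = name[len("SQLITE_"):]
        names.add(name)
    return names


def audit(conn):
    """Map each BLFS flag to whether the linked SQLite was built with it."""
    rows = conn.execute("PRAGMA compile_options").fetchall()
    built = normalise(row[0] for row in rows)
    return {flag: flag in built for flag in BLFS_FLAGS}


def disable_two_arg_tokenizer(conn):
    """Switch the two-argument fts3_tokenizer() off for this connection.

    Returns True once it is off, or None when this Python cannot change it
    (Connection.setconfig() was added in Python 3.12)."""
    op = getattr(sqlite3, "SQLITE_DBCONFIG_ENABLE_FTS3_TOKENIZER", None)
    if op is None or not hasattr(conn, "setconfig"):
        return None
    conn.setconfig(op, False)
    return not conn.getconfig(op)


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")  # constructed in-memory database
    for flag, present in audit(conn).items():
        risky = present and flag == RISKY
        note = "  <- two-argument fts3_tokenizer() on by default" if risky else ""
        print(f"{flag:26} {'yes' if present else 'no'}{note}")
    print("disabled for this connection:", disable_two_arg_tokenizer(conn))
```

The switch-off applies only to the connection it is called on, so each connection an application opens needs the same call.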
