| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Geoghegan <peter(dot)geoghegan86(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, David Fetter <david(at)fetter(dot)org>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Specification for Trusted PLs? |
| Date: | 2010-05-21 13:04:01 |
| Message-ID: | 18159.1274447041@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Geoghegan <peter(dot)geoghegan86(at)gmail(dot)com> writes:
>> That's about it- a language is TRUSTED if there's no way for a user to
>> be able to write a function which will give them access to things
>> they're not supposed to have. Practically, this includes things like
>> any kind of direct I/O (files, network, etc).
> The fact that plpythonu used to be plpython back in 7.3 serves to
> illustrate that the distinction is not all that well defined. I guess
> that someone made an executive decision that the python restricted
> execution environment wasn't restricted enough.
Well, it was the upstream authors of python's restricted execution
environment who decided it was unfixably insecure, not us. So the
"trusted" version had to go away.
(For awhile there last month, it was looking like plperl was going to
suffer the same fate :-(. Fortunately Tim Bunce thought of a way to
not have to rely on Safe.pm anymore.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2010-05-21 13:59:05 | Re: Snapshot Materialized Views - GSoC |
| Previous Message | Peter Geoghegan | 2010-05-21 12:55:03 | Re: Specification for Trusted PLs? |