Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>
> There's an "operation mask" inside plperl that defines which Perl
> opcodes it thinks are safe to allow the user to execute. I think
> the mask is set pretty conservatively at the moment ... definitely
> too conservatively, if it rejects sqrt :-(. But no one's gotten
> round to looking at the situation more closely to decide what's
> safe and what's not. Feel free to look at the documentation for
> Perl's Opcode module and propose a more reasonable mask.
>
> regards, tom lane
The existing mask seems the most reasonable. The mast is :default,
which is not the most strict, but reasonably so. It allows users to
write scripts that would consume system resources, tying up the
system, but prevents them (probably) from getting too much access to
the host system. sqrt is disables because you can use it to produce
floating point exceptions which would call $SIG{??}. I'm not sure
why this is bad, but it seems that this would violate the comparment
somehow.
Anyway, it would be nice to have a commandline switch for the
Makefile.PL script which would allow people to customize the
operation mask that plperl.so uses. I have to use the :base_math
mask because I need sqrt. When plperl is re-enabled in the
configure script, it should be added there too.
--
----------------------------------------------------------------
Travis Bauer | CS Grad Student | IU |www.cs.indiana.edu/~trbauer
----------------------------------------------------------------