Skip site navigation (1) Skip section navigation (2)

Re: Specification for Trusted PLs?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: David Fetter <david(at)fetter(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Specification for Trusted PLs?
Date: 2010-05-21 19:15:27
Message-ID: 22555.1274469327@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Fri, May 21, 2010 at 2:21 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> (1) no access to system calls (including file and network I/O)
>> (2) no access to process memory, other than variables defined within the
>> PL.
>> What else?

> Doesn't subvert the general PostgreSQL security mechanisms?  Not sure
> how to formulate that.

As long as you can't do database access except via SPI, that should be
covered.  So I guess the next item on the list is no, or at least
restricted, access to functions outside the PL's own language.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Greg Sabino MullaneDate: 2010-05-21 19:22:00
Subject: Re: changed source files.
Previous:From: Tom LaneDate: 2010-05-21 19:13:22
Subject: Re: Specification for Trusted PLs?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group