Sean Reifschneider <jafo(at)tummy(dot)com> writes:
> For those unfamiliar with it, rexec provides a restricted execution
> environment, limiting access to certain Python and system routines.
> This functionality is being deprecated in Python, due to security
> problems and lack of maintainership to resolve them...

Is no substitute solution being offered?

> It may be appropriate to just remove the rexec, with the result being
> that PL/Python code will be able to have access to basically anything on
> the system as the user PostgreSQL is running as.

We would have to change it to an untrusted language. We could do that,
but it would mean a major reduction in the usefulness of plpython.
Few DBAs of average paranoia levels want to give superuser access to
their database users.

regards, tom lane