Re: Expect problems with PL/Python and Python version 2.2.3+ & 2.3+

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Sean Reifschneider <jafo(at)tummy(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, guido(at)python(dot)org
Subject: Re: Expect problems with PL/Python and Python version 2.2.3+ & 2.3+
Date: 2003-05-26 06:15:59
Message-ID: 25845.1053929759@sss.pgh.pa.us
Lists: pgsql-hackers
Sean Reifschneider <jafo(at)tummy(dot)com> writes:
> For those unfamiliar with it, rexec provides a restricted execution
> environment, limiting access to certain Python and system routines.
> This functionality is being deprecated in Python, due to security
> problems and lack of maintainership to resolve them...

Is no substitute solution being offered?

> It may be appropriate to just remove the rexec, with the result being
> that PL/Python code will be able to have access to basically anything on
> the system as the user PostgreSQL is running as.

We would have to change it to an untrusted language.  We could do that,
but it would mean a major reduction in the usefulness of plpython.
Few DBAs of average paranoia levels want to give superuser access to
their database users.

			regards, tom lane
