| From: | Mikhail Terekhov <terekhov(at)emc(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PlPython |
| Date: | 2003-06-26 20:16:22 |
| Message-ID: | 3EFB5496.8050405@emc.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Thanks for the explanation. I think I understand it now.
Mikhail
Karsten Hilbert wrote:
>>>Now that the rexec code is gone, it MUST be marked untrusted --- this is
>>>not a question for debate. Installing it as trusted would be a security
>>>hole.
>>
>>That means that there is something else untrusted in PLPython,
>>what is this?
>
> Well, basically everything else.
>
> You are getting this backwards. Making Python a *trusted*
> language *requires* something like rexec. Since we don't have
> rexec anymore (it never was much good, apparently) we cannot
> make Python trusted. Hence we must make it untrusted to keep
> it in at all.
>
> The point here is not whether we trust the rest of Python but
> whether we have something (like rexec) that restricts the
> standard Python. Only if we have that do we define a language
> as "trusted".
>
> Things would be different, of course, if an entire language
> was restricted by nature. That would be a candidate for a
> trusted language without needing specific add-on execution
> restriction.
>
> Karsten
| From | Date | Subject | |
|---|---|---|---|
| Next Message | CSN | 2003-06-26 20:27:56 | Redhat's "enhancements" to PG |
| Previous Message | btober | 2003-06-26 20:03:20 | Re: How many fields in a table are too many |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rod Taylor | 2003-06-26 20:28:23 | Re: Two weeks to feature freeze |
| Previous Message | Gonyou, Austin | 2003-06-26 20:09:51 | Re: Two weeks to feature freeze |