Re: Possible major bug in PlPython (plus some other ideas)

From: Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Possible major bug in PlPython (plus some other ideas)
Date: 2001-11-09 21:34:26
Message-ID: Pine.LNX.4.33.0111091630590.9888-100000@penguin.theopalgroup.com
Lists: pgsql-hackers

On Fri, 9 Nov 2001, Tom Lane wrote:
> Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com> writes:
> > I have noticed a possibly major issue in Plpython that may need to be
> > addressed before 7.2 is released:
>
> > 1) If Plpython is installed as a trusted language, and from what little I
> > can glean from the documentation, it should not have any filesystem access.
> > However, the default behavior of the restricted execution environment
> > being used allows read-only filesystem access.
>
> I agree, this is not good. If it's easy to patch, please submit a
> patch.

I'll have something ready by Monday.

> What worries me is not so much this particular hole, which is easily
> plugged now that we know about it, as that it suggests that Python's
> idea of a restricted environment is considerably less restricted than
> we would like. Perhaps there are other facilities that need to be
> turned off as well?

I'm going to do a very careful review of the code. Upfront, I expect that
I've found the only major problem. There is already a very good "restricted
execution" environment in place. The read-only filesystem issue slipped
through the cracks because it is the default behavior for the environment.
I'll spend the time to go over any nooks and crannies that bear careful
scrutiny.

> The alternative we could consider is to mark plpython as untrusted for
> 7.2, until someone has time for a more complete review of possible
> security problems.

If I don't feel that the code is 100% then I'll vote for this option too.

-Kevin

--
Kevin Jacobs
The OPAL Group - Enterprise Systems Architect
Voice: (216) 986-0710 x 19 E-mail: jacobs(at)theopalgroup(dot)com
Fax: (216) 986-0714 WWW: http://www.theopalgroup.com
