| From: | Doug McNaught <doug(at)mcnaught(dot)org> |
|---|---|
| To: | Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PlPython |
| Date: | 2003-06-26 17:35:07 |
| Message-ID: | m3wuf84u9g.fsf@varsoon.wireboard.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> writes:
> On Thu, 2003-06-26 at 11:59, Tom Lane wrote:
> > Now that the rexec code is gone, it MUST be marked untrusted --- this is
> > not a question for debate. Installing it as trusted would be a security
> > hole.
>
> In what version is rexec removed? v2.3? If so, then there are
> many people with Python 2.2 and even 2.1 who could still use
> trusted PlPython.
No--rexec was removed in 2.3 because it was found to be unfixably
insecure, not because 2.3 broke anything. Earlier versions are just as
insecure.
-Doug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Ramsey | 2003-06-26 17:36:09 | pg_dump "all tables" in 7.3.X |
| Previous Message | Tom Lane | 2003-06-26 17:34:13 | Re: PlPython |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Ramsey | 2003-06-26 17:36:09 | pg_dump "all tables" in 7.3.X |
| Previous Message | Tom Lane | 2003-06-26 17:34:13 | Re: PlPython |