From: | teg(at)redhat(dot)com (Trond Eivind =?iso-8859-1?q?Glomsr=F8d?=) |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Hannu Krosing <hannu(at)tm(dot)ee>, Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Possible major bug in PlPython (plus some other ideas) |
Date: | 2001-11-09 20:14:13 |
Message-ID: | xuyu1w38zxm.fsf@halden.devel.redhat.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> Hannu Krosing <hannu(at)tm(dot)ee> writes:
> >> However, the default behavior of the restricted execution environment
> >> being used allows read-only filesystem access.
>
> > we have 'read-only filesystem access anyhow' :
>
> > pg72b2=# create table hack(row text);
> > CREATE
> > pg72b2=# copy hack from '/home/pg72b2/data/pg_hba.conf' DELIMITERS
> > '\01';
>
> Only if you're superuser, which is exactly the point of the trusted
> vs untrusted function restriction. The plpython problem lets
> non-superusers read any file that the postgres user can read, which
> is not cool.
If a fix is made, will it be backported to the 7.1 branch so vendors
can upgrade their packages if this is necesarry?
--
Trond Eivind Glomsrød
Red Hat, Inc.
From | Date | Subject | |
---|---|---|---|
Next Message | Stephan Szabo | 2001-11-09 20:17:19 | Re: 'real' strange problem in 7.1.3 |
Previous Message | Tom Lane | 2001-11-09 20:06:28 | Re: 'real' strange problem in 7.1.3 |