Quick Links

Re: Add on_trusted_init and on_untrusted_init to plperl [PATCH]

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc:	Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Add on_trusted_init and on_untrusted_init to plperl [PATCH]
Date:	2010-01-28 17:12:58
Message-ID:	17141.1264698778@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Tom Lane wrote:
>> Isn't it a security hole if on_trusted_init is USERSET? That means
>> an unprivileged user can determine what will happen in plperlu.
>> SUSET would be saner.

> ITYM on_untrusted_init.

Right, sorry, got 'em backwards.

regards, tom lane

In response to

Re: Add on_trusted_init and on_untrusted_init to plperl [PATCH] at 2010-01-28 17:02:49 from Andrew Dunstan

Responses

Re: Add on_trusted_init and on_untrusted_init to plperl [PATCH] at 2010-01-28 19:55:09 from Tim Bunce

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Pavel Stehule	2010-01-28 17:14:37	Re: Review: listagg aggregate
Previous Message	Pavel Stehule	2010-01-28 17:12:50	Re: Review: listagg aggregate