Re: allow building trusted languages without the untrusted versions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Nathan Bossart <nathandbossart(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: allow building trusted languages without the untrusted versions
Date: 2022-05-25 20:20:34
Message-ID: 2002561.1653510034@sss.pgh.pa.us
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> The very specific "it'd be nice to build PG w/o having untrusted
> languages compiled in" is at least reasonably clearly contained and
> reasonable to see if we are, in fact, doing what we claim we're doing
> with such a switch.

I agree that it's specific and easily measured. What I don't get is why
it's worth troubling over, if we acknowledge that keeping superusers from
breaking out to OS access is infeasible. At most, not having access to
plpythonu means you've got to kluge something up involving COPY TO
PROGRAM 'python'.

If somebody else is excited enough about it to do the legwork, I won't
stand in the way particularly. But it strikes me as a waste of effort,
not only for the patch author but for everyone who has to read about
or maintain the resulting configure options etc.

regards, tom lane
