Re: Safe security

From: Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: jd(at)commandprompt(dot)com, Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Safe security
Date: 2010-03-08 14:37:20
Message-ID: 20100308143720.GX1375@timac.local
Lists: pgsql-hackers

On Wed, Mar 03, 2010 at 07:01:56PM -0500, Andrew Dunstan wrote:
> Joshua D. Drake wrote:
> >On Wed, 2010-03-03 at 11:33 -0500, Andrew Dunstan wrote:
> >
> >>Well, we could put in similar weasel words I guess. But after
> >>all, Safe's very purpose is to provide a restricted execution
> >>environment, no?
> >
> >We already do, in our license.
>
> True. I think the weasel formula I prefer here is a bit different.
> It might be reasonable to say something along the lines of:
>
> To the extent it is prevented by the Perl Safe module, there is no
> way provided to access internals of the database server process or
> to gain OS-level access with the permissions of the server process,
> as a C function can do.

Here's a patch that:
1. adds wording like that to the docs.
2. randomises the container package name (a simple and sound security measure).
3. requires Safe 2.25 (which has assorted fixes, including security).
4. removes a harmless but spurious exclamation mark from the source.

Tim.

Attachment: plperl-safe-225-rand.patch (text/x-patch, 3.5 KB)
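The two Safe-related points in the message (a randomised container package name and a Safe 2.25 minimum) can be seen in a few lines of plain Perl. The script below is an added illustration and is not the patch's code or anything from PostgreSQL's PL/Perl; the `PLPerlContainer_` prefix, the `make_container` function, the `$HostSecret` variable and the `:default` opmask are all assumptions made for the demo.

```perl
#!/usr/bin/perl
# Added example, not the PL/Perl code from the patch: build a Safe compartment
# whose root package name is randomised, then probe what code running inside
# it can and cannot reach.
use strict;
use warnings;
use Safe;

# Refuse to run on a Safe older than 2.25; UNIVERSAL::VERSION dies otherwise.
Safe->VERSION(2.25);

# Something that exists only in the host's main package.
our $HostSecret = 'lives outside the compartment';

sub make_container {
    # 16 random lowercase letters. rand() is not cryptographic, but the aim
    # is only an unguessable stash name, so that is adequate here.
    my $suffix = join '', map { chr(ord('a') + int rand 26) } 1 .. 16;
    my $root   = "PLPerlContainer_$suffix";    # hypothetical prefix
    my $c      = Safe->new($root);
    $c->permit_only(':default');               # the default opmask, made explicit
    return ($c, $root);
}

my ($c, $root) = make_container();
print "compartment root: $root\n";

# Ordinary computation is permitted.
my $r = $c->reval('my @x = sort { $a <=> $b } (3, 1, 2); sprintf "%d-%d-%d", @x');
print "allowed op:   ", defined $r ? $r : "ERROR: $@", "\n";

# Inside the compartment, main:: is the compartment's own root stash,
# so the host's $HostSecret is simply not there.
$r = $c->reval('defined $main::HostSecret ? "leaked" : "not visible"');
print "host symbol:  ", defined $r ? $r : "ERROR: $@", "\n";

# Naming the real root package from inside does not help either: package
# names are resolved relative to the compartment root, so this is undefined.
$r = $c->reval("defined \$${root}::HostSecret ? 'leaked' : 'not visible'");
print "by root name: ", defined $r ? $r : "ERROR: $@", "\n";

# system() is outside the :default opmask and is refused at compile time.
$r = $c->reval('system("id")');
print "system():     ", defined $r ? "ran" : "ERROR: $@", "\n";
```

Running it prints a different `compartment root` every time, the first probe returns `1-2-3`, the two symbol probes return `not visible`, and the last one fails with `'system' trapped by operation mask`. The random suffix buys nothing against code that is already confined; its value is that nothing outside the compartment can rely on a fixed, well-known package name when it interacts with what is inside.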
