allow building trusted languages without the untrusted versions

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: allow building trusted languages without the untrusted versions
Date: 2022-05-20 22:56:19
Message-ID: 20220520225619.GA876272@nathanxps13
Lists: pgsql-hackers

Hi hackers,

Presently, if you want to only build trusted PL/Perl and PL/Tcl, you need
to make a couple of code changes to compile out the untrusted parts. I
suspect many users (e.g., anyone who wants to disallow file system access)
would benefit from a better supported way to do this. Thus, I've attached
some patches that introduce an optional argument for the --with-perl and
--with-tcl configuration options. This new argument can be used to build
only the trusted or untrusted version of the language. If the argument is
not provided, both the trusted and untrusted versions are built, so this
change is backward compatible.

The PL/Tcl patch (0003) is relatively straightforward, as there are already
separate handler functions for the trusted and untrusted versions of the
language. PL/Perl, however, is slightly more complicated. 0001 first
modifies PL/Perl to use separate handler/validator functions for the trusted
and untrusted versions. 0002 then adds support for building only trusted
or untrusted PL/Perl in a similar fashion to 0003. Since a few contrib
modules depend on PL/Perl, 0002 also modifies some modules' Makefiles to
handle whether trusted and/or untrusted PL/Perl is built.

I haven't made the required changes (if any) for MSVC, as I do not
currently have a way to test it. For now, I am parking these patches in
the July commitfest while I gauge interest in this feature and await any
feedback on the proposed approach.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

Attachment Content-Type Size
v1-0001-Do-not-use-pg_language-to-determine-whether-PL-Pe.patch text/x-diff 12.2 KB
v1-0002-Allow-building-only-trusted-or-untrusted-PL-Perl.patch text/x-diff 19.6 KB
v1-0003-Allow-building-only-trusted-or-untrusted-PL-Tcl.patch text/x-diff 9.3 KB
