Re: allow building trusted languages without the untrusted versions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: allow building trusted languages without the untrusted versions
Date: 2022-07-13 19:49:34
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Nathan Bossart <nathandbossart(at)gmail(dot)com> writes:
> Given the discussion in this thread, I intend to mark the commitfest entry
> as Withdrawn shortly. Before I do, I thought I'd first check whether 0001
> [0] might be worthwhile independent of $SUBJECT. This change separates the
> [un]trusted handler and validator functions for PL/Perl so that we no
> longer need to inspect pg_language to determine whether to use the trusted
> or untrusted code path. I was surprised to learn that you can end up with
> PL/PerlU even if you've specified the trusted handler/validator functions.
> Besides bringing things more in line with how PL/Tcl does things, this
> change simplifies function lookup in plperl_proc_hash. I suppose such a
> change might introduce a compatibility break for users who are depending on
> this behavior, but I don't know if that's worth worrying about.

Meh. Avoiding the potential repeat hashtable lookup is worth something,
but I'm not sure I buy that this is a semantic improvement. ISTM that
lanpltrusted *should* be the ultimate source of truth on this point.

My feelings about it are not terribly strong either way, though.

regards, tom lane

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Dmitry Koval 2022-07-13 20:05:44 Re: Add SPLIT PARTITION/MERGE PARTITIONS commands
Previous Message Andrew Dunstan 2022-07-13 19:46:17 Re: Bug: Reading from single byte character column type may cause out of bounds memory reads.