| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Safe security |
| Date: | 2010-03-03 16:33:37 |
| Message-ID: | 4B8E8F61.9030008@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tim Bunce wrote:
> FYI the maintainers of Safe are aware of (at least) two exploits which
> are being considered at the moment.
>
> You might want to soften the wording in
> http://developer.postgresql.org/pgdocs/postgres/plperl-trusted.html
> "There is no way to ..." is a stronger statement than can be justified.
>
Perhaps "There is no way provided to ...".
> The docs for Safe http://search.cpan.org/~rgarcia/Safe-2.23/Safe.pm#WARNING
> say "The authors make no warranty, implied or otherwise, about the
> suitability of this software for safety or security purposes".
>
>
>
Well, we could put in similar weasel words I guess. But after all,
Safe's very purpose is to provide a restricted execution environment, no?
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2010-03-03 16:45:47 | Re: Safe security |
| Previous Message | Tim Bunce | 2010-03-03 16:15:58 | Safe security (was: plperl _init settings) |