From: | Doug McNaught <doug(at)mcnaught(dot)org> |
---|---|
To: | Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: PlPython |
Date: | 2003-06-26 17:35:07 |
Message-ID: | m3wuf84u9g.fsf@varsoon.wireboard.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general pgsql-hackers |
Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> writes:
> On Thu, 2003-06-26 at 11:59, Tom Lane wrote:
> > Now that the rexec code is gone, it MUST be marked untrusted --- this is
> > not a question for debate. Installing it as trusted would be a security
> > hole.
>
> In what version is rexec removed? v2.3? If so, then there are
> many people with Python 2.2 and even 2.1 who could still use
> trusted PlPython.
No--rexec was removed in 2.3 because it was found to be unfixably
insecure, not because 2.3 broke anything. Earlier versions are just as
insecure.
-Doug
From | Date | Subject | |
---|---|---|---|
Next Message | Paul Ramsey | 2003-06-26 17:36:09 | pg_dump "all tables" in 7.3.X |
Previous Message | Tom Lane | 2003-06-26 17:34:13 | Re: PlPython |
From | Date | Subject | |
---|---|---|---|
Next Message | Paul Ramsey | 2003-06-26 17:36:09 | pg_dump "all tables" in 7.3.X |
Previous Message | Tom Lane | 2003-06-26 17:34:13 | Re: PlPython |