Tom Lane kirjutas E, 30.06.2003 kell 00:18:
> Hannu Krosing <hannu@tm.ee> writes:
> > could we not just make sure that plpython uses python ver < 2.x and use
> > plpythonu for python versions >= 2.x until a secure regex solution comes
> > from Guido and folks ?
>
> We'd still have to mark it untrusted, so what's the point?
No we don't! The old version of plpython was perfectly OK when used with
python 1.5.x and will be so. The RExec security holes were only
introduced with new class mechanisms in python 2.x.
The version with patch which removes RExec (as Python 2.x is not
supporting it ) is the right thoing to do FOR PYTHON 2.X, but there is
no reason to remove safe execution when using python 1.5.x.
Thus my proposition for using the old version as plpython and the new
version as plpython-u, but allowing the non-u version to be compuled
only for python v < 2.x.
-----------------
Hannu
