Home > mailing lists

Re: Specification for Trusted PLs? - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: Specification for Trusted PLs?
Date	May 27, 2010 22:03:30
Msg-id	1274997795.18581.52.camel@vanquo.pezone.net Whole thread Raw
In response to	Re: Specification for Trusted PLs? (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: Specification for Trusted PLs?
List	pgsql-hackers

Tree view

On fre, 2010-05-21 at 14:22 -0400, Robert Haas wrote:
> On Fri, May 21, 2010 at 2:21 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > Robert Haas <robertmhaas@gmail.com> writes:
> >> So... can we get back to coming up with a reasonable
> >> definition,
> >
> > (1) no access to system calls (including file and network I/O)
> >
> > (2) no access to process memory, other than variables defined within the
> > PL.
> >
> > What else?
> 
> Doesn't subvert the general PostgreSQL security mechanisms?  Not sure
> how to formulate that.

Succinctly: A trusted language does not grant access to data that the
user would otherwise not have.

I wouldn't go any further than that.  File and network I/O, for example,
are implementation details.  A trusted language might do some kind of
RPC, for example.  The PL/J project once wanted to do something like
that.

pgsql-hackers by date:

From: Andrew Dunstan
Date: 27 May 2010, 21:25:54
Subject: mingw initdb failure on HEAD

From: David Fetter
Date: 27 May 2010, 22:04:06
Subject: Re: functional call named notation clashes with SQL feature

Re: Specification for Trusted PLs? - Mailing list pgsql-hackers

Previous

Next