Postgres Pro
Downloads
Home   >   mailing lists

Re: [PATCH] untrusted plperl - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [PATCH] untrusted plperl
Date
Msg-id 200106181756.f5IHu5E13639@candle.pha.pa.us
Whole thread Raw
In response to Re: [PATCH] untrusted plperl  (Alex Pilosov <alex@pilosoft.com>)
List pgsql-hackers
Tree view 
Alex, seems you have done sufficient research to be sure this is OK.

Your patch has been added to the PostgreSQL unapplied patches list at:
http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

> On Sat, 16 Jun 2001, Tom Lane wrote:
> 
> > Alex Pilosov <alex@pilosoft.com> writes:
> > > Hope someone finds that useful and maybe even merged :)
> > 
> > It looks great to me (except you forgot the documentation updates ;)).
> My bad! I'll find whereever plperl is mentioned and note plperlu
> existance.
> 
> > But it'd be nice to get a Perl expert to comment on the thing,
> > particularly on the safe/unsafe-in-one-interpreter business.
> I'm no expert, and biased since I wrote it this way, but here's the
> skinny:
> 
> 1) safe functions has a unique namespace, and may not escape from it.
> (or should not, if Safe module works right). 
> 
> 2) there were attacks on Safe module that resulted in ability to set
> variables outside of your namespace. None known now.
> 
> 3) There's an existing problem with AUTOLOAD and Safe, which doesn't apply
> to us, since you can't 'use' a module in a Safe compartment.
> 
> To be truly paranoid, one must have separate interpreters, but that kills
> the idea of sharing variables. (Actually, when PgSPI is done (see next
> email), it would be possible to do so via SPI).
> 
> I'm awaiting opinion of a real perl expert, tho ;)
> 
> > One thought that comes to mind: seems like it'd be possible to
> > communicate via Perl global variables, functions, etc between
> > safe and unsafe functions.  This might be good, or it might be
> > a vehicle for bypassing the safety restrictions.  We should
> > think hard about that.
> Yeah. I thought about that. Thing is, you have to predeclare all variables
> you want to share with safe functions. I think it would make sense to have
> a global hash, named $safe_info (well, $main::safe_info) which would be
> shared. Unfortunately, there's no way to have 'readonly' share, so
> safe functions should not rely on $safe_info, as it could be corrupted by
> unsafe functions...
> 
> -alex
> 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026

pgsql-hackers by date:

Previous
From: The Hermit Hacker
Date:
Subject: LEFT JOIN ...
Next
From: Bruce Momjian
Date:
Subject: Re: (Really) Re: [PATCH] inet << indexability