Expect problems with PL/Python and Python version 2.2.3+ & 2.3+ - Mailing list pgsql-hackers

From Sean Reifschneider
Subject Expect problems with PL/Python and Python version 2.2.3+ & 2.3+
Date
Msg-id 20030525224833.GO31407@tummy.com
Responses Re: Expect problems with PL/Python and Python version 2.2.3+ & 2.3+  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
My understanding (from the documentation and from a quick code check) is
that the PL/Python code uses Python's "rexec" ability to provide a
restricted execution environment for the Python code.

For those unfamiliar with it, rexec provides a restricted execution
environment, limiting access to certain Python and system routines.

This functionality is being deprecated in Python, due to security
problems and lack of maintainership to resolve them...  Python 2.2.3
will ship next Friday with rexec disabled, and Python version 2.3 should
be out in about a month and will also not have rexec.

The first issue to note is that currently rexec does have some security
problems which mean that enabling pl/python may cause users to gain
access to the system as the user PostgreSQL is running as.  I'm not very
familiar with these problems, just that there are some...

It may be appropriate to just remove the rexec, with the result being
that PL/Python code will be able to have access to basically anything on
the system as the user PostgreSQL is running as.

So, heads up...  2.2.3 and 2.3 and later versions of Python will
probably not work with PostgreSQL and PL/Python.

Sean
-- Brooks's Law of Prototypes: Plan to throw one away, you will anyhow.
Sean Reifschneider, Inimitably Superfluous <jafo@tummy.com>
tummy.com, ltd. - Linux Consulting since 1995.  Qmail, Python, SysAdmin     Back off man. I'm a scientist.
http://HackingSociety.org/

