Is this a TODO item?
---------------------------------------------------------------------------
Tom Lane wrote:
> "Jay O'Connor" <joconnor@cybermesa.com> writes:
> > At 06:42 AM 06/18/2003 +0200, you wrote:
> >> We could change plpython to an untrusted language
> >> if someone cares enough to develop a patch to remove the use of
> >> rexec. Otherwise I fear we'll have to pull it.
>
> > When you say "have to pull it" does that mean dropping plpython completely?
>
> Yes. I can't see that we have any other alternative. The existing
> plpython won't work at all with newer Python installations, and while
> it'd still work with older ones, it has exactly the same security holes
> that prompted the Python folk to pull rexec. That means it's foolish
> to pretend that it can still be considered a trusted language. So
> I feel we cannot just leave it sit there. Either somebody does the
> legwork to convert it into an untrusted language that doesn't use rexec,
> or it goes. And I don't think any of the core team has the time to do
> that legwork. If there's no plpython user with the commitment to fix
> it, it's history :-(. Any volunteers out there?
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 8: explain analyze is your friend
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
