Re: PlPython - Mailing list pgsql-general

From Karsten Hilbert
Subject Re: PlPython
Date
Msg-id 20030626204841.B609@hermes.hilbert.loc
Whole thread Raw
In response to Re: PlPython  (Mikhail Terekhov <terekhov@emc.com>)
Responses Re: PlPython
List pgsql-general
>>Now that the rexec code is gone, it MUST be marked untrusted --- this is
>>not a question for debate.  Installing it as trusted would be a security
>>hole.
>
> That means that there is something else untrusted in PLPython,
> what is this?
Well, basically everything else.

You are getting this backwards. Making Python a *trusted*
language *requires* something like rexec. Since we don't have
rexec anymore (it never was much good, apparently) we cannot
make Python trusted. Hence we must make it untrusted to keep
it in at all.

The point here is not whether we trust the rest of Python but
whether we have something (like rexec) that restricts the
standard Python. Only if we have that do we define a language
as "trusted".

Things would be different, of course, if an entire language
was restricted by nature. That would be a candidate for a
trusted language without needing specific add-on execution
restriction.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346

pgsql-general by date:

Previous
From: "Jay O'Connor"
Date:
Subject: deleting procs
Next
From: Steve Crawford
Date:
Subject: Re: How many fields in a table are too many