Hi hackers,
Presently, if you want to only build trusted PL/Perl and PL/Tcl, you need
to make a couple of code changes to compile out the untrusted parts. I
suspect many users (e.g., anyone who wants to disallow file system access)
would benefit from a better supported way to do this. Thus, I've attached
some patches that introduce an optional argument for the --with-perl and
--with-tcl configuration options. This new argument can be used to build
only the trusted or untrusted version of the language. If the argument is
not provided, both the trusted and untrusted versions are built, so this
change is backward compatible.
The PL/Tcl patch (0003) is relatively straightforward, as there are already
separate handler functions for the trusted and untrusted versions of the
language. PL/Perl, however, is slightly more complicated. 0001 first
modifies PL/Perl to use separate handler/validator functions for the trusted
and untrusted versions. 0002 then adds support for building only trusted
or untrusted PL/Perl in a similar fashion to 0003. Since a few contrib
modules depend on PL/Perl, 0002 also modifies some modules' Makefiles to
handle whether trusted and/or untrusted PL/Perl is built.
I haven't made the required changes (if any) for MSVC, as I do not
currently have a way to test it. For now, I am parking these patches in
the July commitfest while I gauge interest in this feature and await any
feedback on the proposed approach.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
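The following SQL is an added illustration of the trusted/untrusted distinction the message relies on; it is not part of the patches or the message above. It assumes a server built with both plperl and plperlu, a superuser session, and the function names read_file_trusted/read_file_untrusted are made up here.

```sql
-- Added example, not from the patches: what "trusted" buys you.
-- Assumes a server built with both variants and a superuser session.
CREATE EXTENSION IF NOT EXISTS plperl;
CREATE EXTENSION IF NOT EXISTS plperlu;

-- Which PL/Perl variants this server exposes, and which are trusted.
-- On a build that includes only the trusted language, plperlu is absent.
SELECT lanname, lanpltrusted
FROM pg_language
WHERE lanname LIKE 'plperl%';

-- Trusted PL/Perl runs the body under an operation mask that forbids
-- file-system access, so this definition is rejected when the body is
-- compiled (at CREATE FUNCTION with check_function_bodies on, otherwise
-- at first call) with an error of the form "'open' trapped by operation mask".
CREATE FUNCTION read_file_trusted(path text) RETURNS text AS $$
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
$$ LANGUAGE plperl;

-- Untrusted PL/Perl accepts the same body. Only a superuser may create a
-- plperlu function, but any role granted EXECUTE on it can then read files
-- as the server's OS user, which is why some sites want plperlu not built.
CREATE FUNCTION read_file_untrusted(path text) RETURNS text AS $$
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
$$ LANGUAGE plperlu;

SELECT read_file_untrusted('/etc/hostname');
```

The pg_language query is the quick way to confirm what a given build actually installed; if lanpltrusted is false for any language present, the file-access restriction above does not apply to functions written in it.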