allow building trusted languages without the untrusted versions - Mailing list pgsql-hackers

From Nathan Bossart
Subject allow building trusted languages without the untrusted versions
Msg-id 20220520225619.GA876272@nathanxps13
Responses Re: allow building trusted languages without the untrusted versions
List pgsql-hackers

Hi hackers,

Presently, if you want to only build trusted PL/Perl and PL/Tcl, you need
to make a couple of code changes to compile out the untrusted parts.  I
suspect many users (e.g., anyone who wants to disallow file system access)
would benefit from a better supported way to do this.  Thus, I've attached
some patches that introduce an optional argument for the --with-perl and
--with-tcl configuration options.  This new argument can be used to build
only the trusted or untrusted version of the language.  If the argument is
not provided, both the trusted and untrusted versions are built, so this
change is backward compatible.

The PL/Tcl patch (0003) is relatively straightforward, as there are already
separate handler functions for the trusted and untrusted versions of the
language.  PL/Perl, however, is slightly more complicated.  0001 first
modifies PL/Perl to use separate handle/validator functions for the trusted
and untrusted versions.  0002 then adds support for building only trusted
or untrusted PL/Perl in a similar fashion to 0003.  Since a few contrib
modules depend on PL/Perl, 0002 also modifies some modules' Makefiles to
handle whether trusted and/or untrusted PL/Perl is built.

I haven't made the required changes (if any) for MSVC, as I do not
currently have a way to test it.  For now, I am parking these patches in
the July commitfest while I gauge interest in this feature and await any
feedback on the proposed approach.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
