Re: allow building trusted languages without the untrusted versions - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: allow building trusted languages without the untrusted versions
Date
Msg-id 20220524000427.GA1186400@nathanxps13
Whole thread Raw
In response to Re: allow building trusted languages without the untrusted versions  (Stephen Frost <sfrost@snowman.net>)
Responses Re: allow building trusted languages without the untrusted versions
List pgsql-hackers
On Mon, May 23, 2022 at 07:09:03PM -0400, Stephen Frost wrote:
> Instead, I'd argue that we should be continuing to work in the direction
> of splitting up what can only be done by a superuser today using
> predefined roles and other methods along those lines.  How that lines up
> with this latest ask around untrusted languages is something I'm not
> exactly sure about, but a magic configure option that is
> "--don't-allow-what-AWS-doesn't-want-to-allow" certainly doesn't seem
> like it's going in the right direction (and, no, not every cloud
> provider is going to want the exact same thing when it comes to whatever
> this option is that we're talking about, so we'd end up having to have
> configure options for each if we start going down this road...).

I guess I'd like to do both.  I agree with continuing the work with
predefined roles, etc., but I also think there is value in being able to
compile out things that allow arbitrary disk/network access.  My intent
with this thread is the latter, and I'm trying to tackle this in a way that
is generically useful even beyond the cloud provider use case.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com



pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: allow building trusted languages without the untrusted versions
Next
From: "Jonathan S. Katz"
Date:
Subject: Re: PG15 beta1 sort performance regression due to Generation context change