Re: Possible major bug in PlPython (plus some other ideas) - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Possible major bug in PlPython (plus some other ideas)
Date
Msg-id 21461.1005335302@sss.pgh.pa.us
Whole thread Raw
In response to Re: Possible major bug in PlPython (plus some other ideas)  (Hannu Krosing <hannu@tm.ee>)
Responses Re: Possible major bug in PlPython (plus some other ideas)
List pgsql-hackers
Hannu Krosing <hannu@tm.ee> writes:
>> However, the default behavior of the restricted execution environment
>> being used allows read-only filesystem access.

> we have 'read-only filesystem access anyhow' :

> pg72b2=# create table hack(row text);
> CREATE
> pg72b2=# copy hack from '/home/pg72b2/data/pg_hba.conf' DELIMITERS
> '\01';

Only if you're superuser, which is exactly the point of the trusted
vs untrusted function restriction.  The plpython problem lets
non-superusers read any file that the postgres user can read, which
is not cool.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Bradley McLean
Date:
Subject: Re: Possible major bug in PlPython (plus some other ideas)
Next
From: Tom Lane
Date:
Subject: Re: 'real' strange problem in 7.1.3