Home > mailing lists

Re: Possible major bug in PlPython (plus some other ideas) - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Possible major bug in PlPython (plus some other ideas)
Date	November 9, 2001 17:58:24
Msg-id	21461.1005335302@sss.pgh.pa.us Whole thread Raw
In response to	Re: Possible major bug in PlPython (plus some other ideas) (Hannu Krosing <hannu@tm.ee>)
Responses	Re: Possible major bug in PlPython (plus some other ideas)
List	pgsql-hackers

Tree view

Hannu Krosing <hannu@tm.ee> writes:
>> However, the default behavior of the restricted execution environment
>> being used allows read-only filesystem access.

> we have 'read-only filesystem access anyhow' :

> pg72b2=# create table hack(row text);
> CREATE
> pg72b2=# copy hack from '/home/pg72b2/data/pg_hba.conf' DELIMITERS
> '\01';

Only if you're superuser, which is exactly the point of the trusted
vs untrusted function restriction.  The plpython problem lets
non-superusers read any file that the postgres user can read, which
is not cool.
        regards, tom lane

pgsql-hackers by date:

From: Bradley McLean
Date: 09 November 2001, 17:48:46
Subject: Re: Possible major bug in PlPython (plus some other ideas)

From: Tom Lane
Date: 09 November 2001, 18:08:40
Subject: Re: 'real' strange problem in 7.1.3

Re: Possible major bug in PlPython (plus some other ideas) - Mailing list pgsql-hackers

Previous

Next