Re: Interpretation of TRUSTED - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: Interpretation of TRUSTED
Date
Msg-id 4209497B.2010205@dunslane.net
Whole thread Raw
In response to Re: Interpretation of TRUSTED  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers

Tom Lane wrote:

>  
>
>>On Tue, Feb 08, 2005 at 11:12:07PM +0100, Thomas Hallgren wrote:
>>    
>>
>>>Is it OK to design a trusted language so that it allows access to
>>>the filesystem provided that the session user is a super-user?
>>>      
>>>
>
>AFAICS, what Thomas proposes would be exactly equivalent to root running
>scripts owned by non-root users --- in this case, if session user is
>root then functions written by other people would be allowed to do
>things they normally shouldn't be able to do.  It strikes me as a great
>loophole for Trojan-horse functions.  Not that a sane superuser would
>run functions controlled by other people in the first place.
>
>
>  
>

Agreed.

It's also not how other PLs work. I don't think this definition should 
be up to the individual language. So my answer to his question above 
would be "No".

cheers

andrew


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Interpretation of TRUSTED
Next
From: Jeff Davis
Date:
Subject: Re: Interpretation of TRUSTED