Re: allow building trusted languages without the untrusted versions - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: allow building trusted languages without the untrusted versions
Date
Msg-id 849661f1-85a3-2833-5477-059a9b58e70f@enterprisedb.com
Whole thread Raw
In response to Re: allow building trusted languages without the untrusted versions  (Nathan Bossart <nathandbossart@gmail.com>)
Responses Re: allow building trusted languages without the untrusted versions
List pgsql-hackers
On 24.05.22 22:58, Nathan Bossart wrote:
> FWIW this was my original thinking.  I can choose to build/install
> extensions separately, but when it comes to PL/Tcl and PL/Perl, you've
> got to build the trusted and untrusted stuff at the same time, and the
> untrusted symbols remain even if you remove the control file and
> installation scripts.  Of course, this isn't a complete solution for
> removing the ability to do any sort of random file system access, though.

This only makes sense to me if you install directly from the source tree 
to your production installation.  Presumably, there is usually a 
packaging step in between.  And you can decide at that point which files 
to install or not to install.



pgsql-hackers by date:

Previous
From: Laurenz Albe
Date:
Subject: Re: Prevent writes on large objects in read-only transactions
Next
From: Amit Langote
Date:
Subject: Re: doc: CREATE FOREIGN TABLE .. PARTITION OF .. DEFAULT