Re: Possible major bug in PlPython (plus some other ideas) - Mailing list pgsql-hackers

From Kevin Jacobs
Subject Re: Possible major bug in PlPython (plus some other ideas)
Date
Msg-id Pine.LNX.4.33.0111091029060.6280-100000@penguin.theopalgroup.com
Whole thread Raw
In response to Re: Possible major bug in PlPython (plus some other ideas)  (Bradley McLean <brad@bradm.net>)
List pgsql-hackers
Hi Bradley,

Thanks for the response!  I'm very relieved to get feedback on my
suggestions.

On Fri, 9 Nov 2001, Bradley McLean wrote:

> * Kevin Jacobs (jacobs@penguin.theopalgroup.com) [011109 08:59]:
> >
> >   1) If Plpython is installed as a trusted language, and from what little I
> >      can glean from the documentation, it should not have any filesystem access.
> >      However, the default behavior of the restricted execution environment
> >      being used allows read-only filesystem access.
> >...
> >      It is fairly easy to override this method to unconditionally raise an
> >      access exception.
>
> Agreed.  Just to amplify the point below, there is currently no
> distinction between trusted and untrusted in PLpython (hmm, need
> a doc change to identify this?).  lanpltrusted appears nowhere
> in the implementation.

Actually, I'm mostly unaware of how createlang works, but I assumed that
plpython was installed as a trusted backend.  Can anyone clarify _exactly_
what is meant by a 'trusted'?

To fix this issue, is it better to create a C-API method override to RExec
or should we implement a real plpy.py module that does this (and some of the
rest of my suggestions).  I'd prefer the module, since it is _much_ easier
to do, though it does incur some extra overhead.

> >   4) Plpython does not use the standard Python boolean checks, which is also
> >      not very Pythonic and somewhat confusing:
> > ...
> >      I suggest changing the semantics of boolean return values to use
> >      PyObject_IsTrue(PyObject *o) to properly test for truth values.
>
> Agree.  Is this the only type that needs special treatment?

Virtually all the other basic types will usually do the right thing.
We could add support for array conversions:
  Python [1,2,3] => Postgres INTEGER[] {1,2,3}

Can you think of any others?

> >   6) [Very low priority] Its not insane to consider a Plpython procedure
> >      that spawns off a Python thread to do background processing tasks.
> >      This is obviously something that will only be possible in an untrusted
> >      version of the interpreter.  Also, if the SPI interface is thread-safe,
> >      then it may be useful to release the Python interpreter lock around
> >      some of the SPI calls.
>
> Three weeks ago, I really wanted a feature like this, but I've slowly
> been convincing myself that it's a bad idea.  Consider the effects of
> a race condition in user generated threaded python code that results
> in a deadlock within the backend.

I'm not completely sold on this either.  I'm going to let this idea
percolate for a while and wait to see if I can find a need for it.

> I will say that the discrepancy between executing SQL from plpython
> and from python with the pg driver does cause some cognitive
> disconnect, because despite working in the same language, I have
> to use different APIs to the same functionality.  I don't have a
> good proposal to solve it, though.

Other than not having the same modules available, what is annoying you most?

> One last issue:
>
> 7)  Would it be completely impossible to make an extra-global
> dictionary that was shared between multiple back-ends (place
> in shared memory)?  Anything I'm likely to place in GD, I'm likely
> to initialize once and want in all backends.

It will be very tricky to do in full generality.  Anything that is inserted
into the "shared global" dictionary will have to be copied, re-allocated on
the shared heap, and hidden from the garbage collector.  This is fairly easy
to do for a simple types {int,float,string}; much harder for more complex
types.

-Kevin

--
Kevin Jacobs
The OPAL Group - Enterprise Systems Architect
Voice: (216) 986-0710 x 19         E-mail: jacobs@theopalgroup.com
Fax:   (216) 986-0714              WWW:    http://www.theopalgroup.com



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Quick question
Next
From: Bruce Momjian
Date:
Subject: Re: Open items