Re: allow building trusted languages without the untrusted versions - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: allow building trusted languages without the untrusted versions
Date
Msg-id Yo1wKuifvjUfv4hb@momjian.us
In response to Re: allow building trusted languages without the untrusted versions  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: allow building trusted languages without the untrusted versions
List pgsql-hackers
On Tue, May 24, 2022 at 02:10:19PM -0400, Robert Haas wrote:
> I guess one question is at what level we want to disable these various
> things. Your original proposal seemed reasonable to me because I feel
> like users who are compiling PostgreSQL ought to have control over
> which things they compile. If you can turn plperl and plperlu off
> together, and you can, then why shouldn't you be able to turn them on
> and off separately? I can't think of a good reason why we shouldn't
> make that possible if people want it, and evidently at least one
> person does: you. I'm even willing to assume that you represent the
> interests of some larger group of people. :-)

I always thought if pg_proc is able to call an arbitrary function in an
arbitrary library, it could access the file system, and if that is
true, locking the super-user from file system access seems impossible
and unwise to try because it would give a false sense of security.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Indecision is a decision.  Inaction is an action.  Mark Batterson



