Ron Johnson <ron.l.johnson@cox.net> writes:
> On Thu, 2003-06-26 at 11:59, Tom Lane wrote:
> > Now that the rexec code is gone, it MUST be marked untrusted --- this is
> > not a question for debate. Installing it as trusted would be a security
> > hole.
>
> In what version is rexec removed? v2.3? If so, then there are
> many people with Python 2.2 and even 2.1 who could still use
> trusted PlPython.
No--rexec was removed in 2.3 because it was found to be unfixably
insecure, not because 2.3 broke anything. Earlier versions are just as
insecure.
-Doug
