Re: Attention PL authors: want to be listed in template table? - Mailing list pgsql-hackers

From Thomas Hallgren
Subject Re: Attention PL authors: want to be listed in template table?
Msg-id thhal-0Zwj7Aw3E8LQzh7AEsISiZZf0j7KYTx@mailblocks.com
In response to Re: Attention PL authors: want to be listed in template table?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane wrote:

>Peter Eisentraut <peter_e@gmx.net> writes:
>  
>
>>The other problem I see emerging here is that in certain environments, 
>>the "java" language may not be trusted, such as when it is compiled 
>>with GCJ.
>>    
>>
Well, yes. But use the word environment in singular please :-) To my 
knowledge the security is foolproof with all other VMs since they all 
use the standard runtime libraries. The GCJ support is as experimental 
as the GCJ in itself and cannot be trusted in production.

>
>Hmm, is that really the case?  I thought Java is Java.
>  
>
GCJ is a clean house implementation of Java. They don't use the runtime 
libraries from Sun and they are not really there yet in their efforts to 
copy the functionality. One of the things that lag behind is security. 
They hope to have a better security implementation before the year end 
but there's no promise.

>>Then, this built-in template will override the CREATE 
>>LANGUAGE specification and introduce a security hole.
>>    
>>
>
>But it's exactly the same hole the user would create by manually saying
>CREATE TRUSTED LANGUAGE in error.  I don't think that's a reasonable
>argument against the template idea --- it just says that you have to be
>aware of what you're doing.
>
>(An appropriate solution, in my mind, would be to drop the trusted call
>handler from the shared library if it's built with gcj --- then there's
>really no possibility of doing the wrong thing.)
>  
>
That's a thought, although I'm not sure we would gain anything. No PL/Java 
binaries are provided that run with GCJ. You have to compile from source 
using some specific settings. If you are skilled enough to experiment 
with that, then there's a good chance you are able to tweak the source 
to enable the trusted call handler also.

Regards,
Thomas Hallgren