Thread: Re: [COMMITTERS] pgsql: Add note that using PL/Python 2 and 3 in the same session will

petere@postgresql.org (Peter Eisentraut) writes:
> Log Message:
> -----------
> Add note that using PL/Python 2 and 3 in the same session will probably crash

Crash?  I can see people regarding that as a security problem.  Maybe we
need to do something more pro-active to prevent such conflicts?
        regards, tom lane

On tis, 2010-07-06 at 17:49 -0400, Tom Lane wrote:
> petere@postgresql.org (Peter Eisentraut) writes:
> > Log Message:
> > -----------
> > Add note that using PL/Python 2 and 3 in the same session will probably crash
> 
> Crash?  I can see people regarding that as a security problem.  Maybe we
> need to do something more pro-active to prevent such conflicts?

I don't see how.  Loading any module that uses the same symbols as
another already loaded modules can cause the same problem.

On Tue, 2010-07-06 at 17:49 -0400, Tom Lane wrote:
> petere@postgresql.org (Peter Eisentraut) writes:
> > Log Message:
> > -----------
> > Add note that using PL/Python 2 and 3 in the same session will probably crash
>
> Crash?  I can see people regarding that as a security problem.  Maybe we
> need to do something more pro-active to prevent such conflicts?

+1

Joshua D. Drake

--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579
Consulting, Training, Support, Custom Development, Engineering

Peter Eisentraut <peter_e@gmx.net> writes:
> On tis, 2010-07-06 at 17:49 -0400, Tom Lane wrote:
>> Crash?  I can see people regarding that as a security problem.  Maybe we
>> need to do something more pro-active to prevent such conflicts?

> I don't see how.  Loading any module that uses the same symbols as
> another already loaded modules can cause the same problem.

The scenario that worries me is that as soon as somebody has created
both plpython2 and plpython3 functions in the same database, he's at
risk of crashes or maybe worse, even if the functions weren't intended
to be used together.

I don't believe that the problem exists, or at least is of anywhere near
the same scope, for ordinary loadable modules.  As was noted earlier,
ordinary modules don't have references to each other, which is why
RTLD_LOCAL would be a good choice if it weren't for Python.  (I assume
that a sane linker will resolve a module's references to itself if
possible, even if there are conflicts elsewhere.)  The reason why Python
has got an issue here is that it has such heavy dependence on add-on
loadable modules, which have references to the core python.so library.
So with two python.so versions loaded, you don't know which one an
add-on module's symbol references will be resolved to.  (I wonder if
that would be fixable with some better use of symbol versioning?  But
that's something for the Python maintainers not us.)

At this point it seems clear to me that we've not adequately thought
through the implications of having two python versions in one
application namespace, and I'm not sure the Python people have either.
I think we need to do something to block that from happening, at least
until we have a plausible way to make it work.
        regards, tom lane

On Tue, 2010-07-06 at 17:49 -0400, Tom Lane wrote:
> petere@postgresql.org (Peter Eisentraut) writes:
> > Log Message:
> > -----------
> > Add note that using PL/Python 2 and 3 in the same session will probably crash
> 
> Crash?  I can see people regarding that as a security problem.  Maybe we
> need to do something more pro-active to prevent such conflicts?

+1

Joshua D. Drake

-- 
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579
Consulting, Training, Support, Custom Development, Engineering

On tis, 2010-07-06 at 18:15 -0400, Tom Lane wrote:
> At this point it seems clear to me that we've not adequately thought
> through the implications of having two python versions in one
> application namespace, and I'm not sure the Python people have either.
> I think we need to do something to block that from happening, at least
> until we have a plausible way to make it work.

How about this?

Peter Eisentraut <peter_e@gmx.net> writes:
> On tis, 2010-07-06 at 18:15 -0400, Tom Lane wrote:
>> At this point it seems clear to me that we've not adequately thought
>> through the implications of having two python versions in one
>> application namespace, and I'm not sure the Python people have either.
>> I think we need to do something to block that from happening, at least
>> until we have a plausible way to make it work.

> How about this?

Yeah, I was going to suggest something involving
find_rendezvous_variable to let the two versions of plpython check for
each other.  But doesn't the error need to be elog(FATAL)?  If you just
elog(ERROR) then the conflicting version of python.so is already loaded
and able to cause problems.  elog(FATAL) isn't very desirable maybe
but it beats crashing.

Minor grammatical nit: I think "session has previously used" would read
better in the errdetail.
        regards, tom lane

On ons, 2010-07-07 at 17:31 -0400, Tom Lane wrote:
> Yeah, I was going to suggest something involving
> find_rendezvous_variable to let the two versions of plpython check for
> each other.  But doesn't the error need to be elog(FATAL)?  If you
> just
> elog(ERROR) then the conflicting version of python.so is already
> loaded
> and able to cause problems.  elog(FATAL) isn't very desirable maybe
> but it beats crashing.

Done