Re: [HACKERS] PlPython

From: Hannu Krosing <hannu(at)tm(dot)ee>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com>, pgsql-hackers(at)postgreSQL(dot)org, pgsql-general(at)postgreSQL(dot)org
Subject: Re: [HACKERS] PlPython
Date: 2003-06-29 21:38:33
Message-ID: 1056922713.1816.109.camel@fuji.krosing.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-hackers

Tom Lane kirjutas E, 30.06.2003 kell 00:18:
> Hannu Krosing <hannu(at)tm(dot)ee> writes:
> > could we not just make sure that plpython uses python ver < 2.x and use
> > plpythonu for python versions >= 2.x until a secure regex solution comes
> > from Guido and folks ?
>
> We'd still have to mark it untrusted, so what's the point?

No we don't! The old version of plpython was perfectly OK when used with
python 1.5.x and will be so. The RExec security holes were only
introduced with new class mechanisms in python 2.x.

The version with patch which removes RExec (as Python 2.x is not
supporting it ) is the right thoing to do FOR PYTHON 2.X, but there is
no reason to remove safe execution when using python 1.5.x.

Thus my proposition for using the old version as plpython and the new
version as plpython-u, but allowing the non-u version to be compuled
only for python v < 2.x.

-----------------
Hannu

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2003-06-29 22:21:45 Re: [HACKERS] PlPython
Previous Message Tom Lane 2003-06-29 21:18:10 Re: [HACKERS] PlPython

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2003-06-29 22:21:45 Re: [HACKERS] PlPython
Previous Message Tom Lane 2003-06-29 21:24:53 Re: [HACKERS] Missing array support