From: | Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Add on_trusted_init and on_untrusted_init to plperl [PATCH] |
Date: | 2010-01-28 19:55:09 |
Message-ID: | 20100128195509.GI38673@timac.local |
Lists: | pgsql-hackers |

On Thu, Jan 28, 2010 at 12:12:58PM -0500, Tom Lane wrote:
> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> > Tom Lane wrote:
> >> Isn't it a security hole if on_trusted_init is USERSET? That means
> >> an unprivileged user can determine what will happen in plperlu.
> >> SUSET would be saner.
>
> > ITYM on_untrusted_init.
>
> Right, sorry, got 'em backwards.

I've done that several times. The naming is tricky because it's very
dependent on your point of view. The 'trusted' language is for running
'untrusted' code and the 'untrusted' language is for running 'trusted'
code. The naming convention is unfortunate.

Just an observation from a newbie. I imagine it's been pointed out before.

Tim.