Re: Possible major bug in PlPython (plus some other ideas)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Hannu Krosing <hannu(at)tm(dot)ee>
Cc: Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Possible major bug in PlPython (plus some other ideas)
Date: 2001-11-09 19:48:22
Message-ID: 21461.1005335302@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hannu Krosing <hannu(at)tm(dot)ee> writes:
>> However, the default behavior of the restricted execution environment
>> being used allows read-only filesystem access.

> we have 'read-only filesystem access anyhow' :

> pg72b2=# create table hack(row text);
> CREATE
> pg72b2=# copy hack from '/home/pg72b2/data/pg_hba.conf' DELIMITERS
> '\01';

Only if you're superuser, which is exactly the point of the trusted
vs untrusted function restriction. The plpython problem lets
non-superusers read any file that the postgres user can read, which
is not cool.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Hannu Krosing 2001-11-09 19:57:00 Re: best method of reloading pg_hba.conf
Previous Message Hannu Krosing 2001-11-09 19:35:09 Re: Possible major bug in PlPython (plus some other ideas)