Re: Expect problems with PL/Python and Python version 2.2.3+ & 2.3+

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Sean Reifschneider <jafo(at)tummy(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, guido(at)python(dot)org
Subject: Re: Expect problems with PL/Python and Python version 2.2.3+ & 2.3+
Date: 2003-05-26 06:15:59
Message-ID: 25845.1053929759@sss.pgh.pa.us
Lists: pgsql-hackers

Sean Reifschneider <jafo(at)tummy(dot)com> writes:
> For those unfamiliar with it, rexec provides a restricted execution
> environment, limiting access to certain Python and system routines.
> This functionality is being deprecated in Python, due to security
> problems and lack of maintainership to resolve them...

Is no substitute solution being offered?

> It may be appropriate to just remove the rexec, with the result being
> that PL/Python code will be able to have access to basically anything on
> the system as the user PostgreSQL is running as.

We would have to change it to an untrusted language. We could do that,
but it would mean a major reduction in the usefulness of plpython.
Few DBAs of average paranoia levels want to give superuser access to
their database users.

regards, tom lane
