From: | Alex Hunsaker <badalex(at)gmail(dot)com> |
---|---|
To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
Cc: | Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>, pgsql-hackers(at)postgresql(dot)org, "David E(dot) Wheeler" <david(at)kineticode(dot)com> |
Subject: | Re: Package namespace and Safe init cleanup for plperl [PATCH] |
Date: | 2010-02-13 04:08:38 |
Message-ID: | 34d269d41002122008rb7009b8rf078c7649afc72e6@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Fri, Feb 12, 2010 at 17:57, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>r
>
> Alex Hunsaker wrote:
>>
>> Yes it could allow people who
>> can set the plperl.*_init functions to muck with the safe.
>
> It's quite easy to subvert Safe.pm today, sadly. ...
If anything that sounds like an argument for it =)
> But that's quite different from us providing an undocumented way to expose
> arbitrary objects to the Safe container. In that case *we* become
> responsible for any insecure uses, and we don't even have the luxury of
> having put large warnings in the docs, because there aren't any docs.
Hrm... Not sure I agree with this point. If you are saying there is
some way to subvert safe by using these new vars thats not a bug (or
feature) of upstream safe. Then I agree. But if what you are saying
is as a (super)user I muck with these (internal) vars in my on_init
function and things become insecure. Then I disagree, its just a less
ugly (uniform and perhaps more secure?) way of doing the below:
NYTProf/ PgPLPerl.pm
# hack to make DB::finish_profile available within PL/Perl
use Safe;
my $orig_share_from = \&Safe::share_from;
*Safe::share_from = sub {
my $obj = shift;
$obj->$orig_share_from('DB', [ 'finish_profile' ]);
return $obj->$orig_share_from(@_);
};
> I still think if we do this at all it needs to be documented and surrounded
> with appropriate warnings.
This is really what I think the issue comes down to. I think the
feeling is if we document it then we have to support it in the future.
And we dont have a clear proposal, only a need. The attitude seems
to be, well its an implementation artifact that might disappear in the
future. Lets use it to help figure out what that future api should
like like.
I agree with Robert. At this point in the commit feast its not the
time to be discussing things like this (sorry I could not get to it
sooner Tim!) :( Though If a patch with good documentation does show
up Ill be happy to review it :)
From | Date | Subject | |
---|---|---|---|
Next Message | Alex Hunsaker | 2010-02-13 04:14:07 | Re: Package namespace and Safe init cleanup for plperl [PATCH] |
Previous Message | Robert Haas | 2010-02-13 03:39:17 | Re: knngist patch support |