| From: | DeJuan Jackson <djackson(at)speedfc(dot)com> |
|---|---|
| To: | Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, tgl(at)sss(dot)pgh(dot)pa(dot)us, joconnor(at)cybermesa(dot)com, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PlPython |
| Date: | 2003-06-26 18:31:46 |
| Message-ID: | 3EFB3C12.7050802@speedfc.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
So, the issue is that rexec was supposed to be secure but it's not and
has be removed from future versions. Kevin has replace the calls of
rexec with a non-secure version (maybe 'exec'), therefore the calls to
plpython would be inherently insecure in the first place, so we have to
make it an untrusted language.
Correct?
Kevin Jacobs wrote:
>On Thu, 26 Jun 2003, DeJuan Jackson wrote:
>
>
>>Just wondering (I don't use or intend to use plpython), but why does it
>>need to be marked untrusted is the rexec code has been corrected.
>>
>>
>
>No corrected -- removed. Rexec is and will likely remain broken for at
>least one more Python release. Thus, it was decided to remove all support
>for it in Python, and consequently from PlPython.
>
>-Kevin
>
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mikhail Terekhov | 2003-06-26 18:39:45 | Re: PlPython |
| Previous Message | Ron Johnson | 2003-06-26 18:30:19 | Re: PlPython |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Brusser | 2003-06-26 18:37:24 | Core dump on HP |
| Previous Message | Ron Johnson | 2003-06-26 18:30:19 | Re: PlPython |