Re: plperl Safe restrictions

Tom Lane wrote:

>David Helgason <david(at)uti(dot)is> writes:
>
>
>>A postgres question I don't know the answer to is whether allowing the
>>user to trigger a segfault is a security problem.
>>
>>
>
>It would not be cool for a trusted language to allow such things, that's
>for sure.
>
>You could debate back and forth about whether we ought to allow it and
>warn that some versions of Perl may have exploitable bugs, but I'd
>prefer to err on the side of conservatism.
>
>
>
>

Well, the flipside of that is that we would force people to use the
untrusted version for these ops. This isn't a hypothetical case - it was
discovered by my giving Josh Berkus a solution to a problem he had which
required sorting in plperl, and which he found would only run under plperlu.

The question in my mind is "What are we protecting against?" ISTM it is
the use of the pl as a vector to attack the machine and postgres. Does a
segfault come into that category? After all, isn't it one of postgres's
strengths that we can survive individual backends crashing?

(Re srand, just remove "!srand" from the patch I sent in).

cheers

andrew