Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>, Alex Hunsaker <badalex(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]
Date: 2010-02-04 02:13:11
Message-ID: 603c8f071002031813m3e5651dds373ff9f34a7f0a9f@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Feb 3, 2010 at 6:41 PM, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>> What I was actually wondering about, however, is the extent to which
>> the semantics of Perl code could be changed from an on_init hook ---
>> is there any equivalent of changing search_path or otherwise creating
>> trojan-horse code that might be executed unexpectedly?  And if so is
>> there any point in trying to guard against it?  AIUI there isn't
>> anything that can be done in on_init that couldn't be done in somebody
>> else's function anyhow.
>>
> The user won't be able to do anything in the on_init hook that they could
> not do from a plperl function anyway. In fact less, as SPI is not being made
> available.

But suppose the user doesn't have privileges to create a plperl
function, but they can set the GUC...

...Robert

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2010-02-04 02:16:44 Re: PG 9.0 and standard_conforming_strings
Previous Message Tom Lane 2010-02-04 01:10:29 Re: proposed PQconnectdbParams macros (was Re: [BUGS] BUG #5304: psql using conninfo fails in connecting to the server)