From: | Szymon Guz <mabewlun(at)gmail(dot)com> |
---|---|
To: | Andres Freund <andres(at)2ndquadrant(dot)com> |
Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: plpython implementation |
Date: | 2013-06-30 12:46:50 |
Message-ID: | CAFjNrYsUjjcKM9nghZ4rW4LLze+foi7C1rPEDTJX2oN3qiDZ=A@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 30 June 2013 14:45, Andres Freund <andres(at)2ndquadrant(dot)com> wrote:
> On 2013-06-30 14:42:24 +0200, Szymon Guz wrote:
> > On 30 June 2013 14:31, Martijn van Oosterhout <kleptog(at)svana(dot)org> wrote:
> >
> > > On Sun, Jun 30, 2013 at 02:18:07PM +0200, Szymon Guz wrote:
> > > > > python does not any any sort of reliable sandbox, so there is no
> > > plpython,
> > > > > only plpythonu - hence only one interpreter per backend is needed.
> > > > >
> > > > Is there any track of the discussion that there is no way to make the
> > > > sandbox? I managed to create some kind of sandbox, a simple
> modification
> > > > which totally disables importing modules, so I'm just wondering why
> it
> > > > cannot be done.
> > >
> > > http://wiki.python.org/moin/SandboxedPython
> > >
> > > This is the thread I was thinking of:
> > > http://mail.python.org/pipermail/python-dev/2009-February/086401.html
> > >
> > > If you read through it I think you will understand the difficulties.
> > >
> > thanks for links. I was thinking about something else. In fact we don't
> > need full sandbox, I think it would be enough to have safe python, if it
> > couldn't import any outside module. Wouldn't be enough?
> >
> > It seems like the sandbox modules want to limit many external operations,
> > I'm thinking about not being able to import any module, even standard
> ones,
> > wouldn't be enough?
>
> python
> >> open('/etc/passwd', 'r').readlines()
>
>
thanks :)
From | Date | Subject | |
---|---|---|---|
Next Message | Gurjeet Singh | 2013-06-30 13:55:23 | Re: review: Non-recursive processing of AND/OR lists |
Previous Message | Andres Freund | 2013-06-30 12:45:34 | Re: plpython implementation |