Re: plpython implementation

From: Szymon Guz <mabewlun(at)gmail(dot)com>
To: Martijn van Oosterhout <kleptog(at)svana(dot)org>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: plpython implementation
Date: 2013-06-30 12:42:24
Message-ID: CAFjNrYv5_8NCOQbo6Sd60fQij_et7XAow1VwvOmxPpxYLxvzug@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 30 June 2013 14:31, Martijn van Oosterhout <kleptog(at)svana(dot)org> wrote:

> On Sun, Jun 30, 2013 at 02:18:07PM +0200, Szymon Guz wrote:
> > > python does not any any sort of reliable sandbox, so there is no
> plpython,
> > > only plpythonu - hence only one interpreter per backend is needed.
> > >
> > Is there any track of the discussion that there is no way to make the
> > sandbox? I managed to create some kind of sandbox, a simple modification
> > which totally disables importing modules, so I'm just wondering why it
> > cannot be done.
>
> http://wiki.python.org/moin/SandboxedPython
>
> This is the thread I was thinking of:
> http://mail.python.org/pipermail/python-dev/2009-February/086401.html
>
> If you read through it I think you will understand the difficulties.
>
>
Hi Martin,
thanks for links. I was thinking about something else. In fact we don't
need full sandbox, I think it would be enough to have safe python, if it
couldn't import any outside module. Wouldn't be enough?

It seems like the sandbox modules want to limit many external operations,
I'm thinking about not being able to import any module, even standard ones,
wouldn't be enough?

Szymon

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2013-06-30 12:45:34 Re: plpython implementation
Previous Message Andrew Dunstan 2013-06-30 12:37:37 Re: plpython implementation