From: | Szymon Guz <mabewlun(at)gmail(dot)com> |
---|---|
To: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: plpython implementation |
Date: | 2013-06-30 12:42:24 |
Message-ID: | CAFjNrYv5_8NCOQbo6Sd60fQij_et7XAow1VwvOmxPpxYLxvzug@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 30 June 2013 14:31, Martijn van Oosterhout <kleptog(at)svana(dot)org> wrote:
> On Sun, Jun 30, 2013 at 02:18:07PM +0200, Szymon Guz wrote:
> > > python does not any any sort of reliable sandbox, so there is no
> plpython,
> > > only plpythonu - hence only one interpreter per backend is needed.
> > >
> > Is there any track of the discussion that there is no way to make the
> > sandbox? I managed to create some kind of sandbox, a simple modification
> > which totally disables importing modules, so I'm just wondering why it
> > cannot be done.
>
> http://wiki.python.org/moin/SandboxedPython
>
> This is the thread I was thinking of:
> http://mail.python.org/pipermail/python-dev/2009-February/086401.html
>
> If you read through it I think you will understand the difficulties.
>
>
Hi Martin,
thanks for links. I was thinking about something else. In fact we don't
need full sandbox, I think it would be enough to have safe python, if it
couldn't import any outside module. Wouldn't be enough?
It seems like the sandbox modules want to limit many external operations,
I'm thinking about not being able to import any module, even standard ones,
wouldn't be enough?
Szymon
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2013-06-30 12:45:34 | Re: plpython implementation |
Previous Message | Andrew Dunstan | 2013-06-30 12:37:37 | Re: plpython implementation |