| From: | Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com> |
|---|---|
| To: | Hannu Krosing <hannu(at)tm(dot)ee> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Possible major bug in PlPython (plus some other ideas) |
| Date: | 2001-11-09 18:32:11 |
| Message-ID: | Pine.LNX.4.33.0111091331230.6879-100000@penguin.theopalgroup.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 9 Nov 2001, Hannu Krosing wrote:
> Kevin Jacobs wrote:
> >
> > > > 1) If Plpython is installed as a trusted language, and from what little I
> > > > can glean from the documentation, it should not have any filesystem access.
> > > > However, the default behavior of the restricted execution environment
> > > > being used allows read-only filesystem access.
> > >
> > > we have 'read-only filesystem access anyhow' :
> >
> > Then I consider this a bug if a non-super-user can do this.
>
> It's not that bad - only postgresql superuser can use copy to/from file
Ah -- then it still means we should take read-only filesystem access away
from plpython for now. If we want to implemente a trusted mode, then we can
add it back in.
-Kevin
--
Kevin Jacobs
The OPAL Group - Enterprise Systems Architect
Voice: (216) 986-0710 x 19 E-mail: jacobs(at)theopalgroup(dot)com
Fax: (216) 986-0714 WWW: http://www.theopalgroup.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-11-09 18:44:38 | Re: Where might I propose a 'feature'? |
| Previous Message | Tom Lane | 2001-11-09 18:25:58 | Re: Call for objections: revision of keyword classification |