From: | Doug McNaught <doug(at)wireboard(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Kevin Jacobs <jacobs(at)penguin(dot)theopalgroup(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Possible major bug in PlPython (plus some other ideas) |
Date: | 2001-11-09 20:25:04 |
Message-ID: | m3adxvsndr.fsf@belphigor.mcnaught.org |
Lists: | pgsql-hackers |
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> What worries me is not so much this particular hole, which is easily
> plugged now that we know about it, as that it suggests that Python's
> idea of a restricted environment is considerably less restricted than
> we would like. Perhaps there are other facilities that need to be
> turned off as well?
Could be. FWIW, Zope (www.zope.org) allows for Python scripts, created
and managed through the web, that run in a "sandbox" with many of the
same restrictions as PG puts on untrusted languages--they actually
disallow regex matching so you can't hang the webserver thread with a
regex that backtracks forever. Might be worthwhile for the plpython
folks to take a look at Zope.
> The alternative we could consider is to mark plpython as untrusted for
> 7.2, until someone has time for a more complete review of possible
> security problems.
This sounds like a good idea to me.
-Doug
--
Let us cross over the river, and rest under the shade of the trees.
--T. J. Jackson, 1863