Re: Trusted plperl
From | Travis Bauer |
---|---|
Subject | Re: Trusted plperl |
Date | |
Msg-id | 20010420171403.A10058@ghost.cs.indiana.edu |
In reply to | Trusted plperl (msteele@inet-interactif.com) |
List | pgsql-general |
I worked on this a bit to get the sqrt function working in the plperl as
distributed. I can't remember offhand the exact change to the source code.
It's one of the plperl C files. You'd only have to change one or two lines
of code (literally) to add in any additional opcodes.

Even if the opcodes do not provide total security against crashing the
system, they do prevent access to the underlying filesystem. Using the
backquote operators, it would be easy to write a plperl function that
would email a copy of the underlying database files, for example (if no
opcodes prevented access).

--
----------------------------------------------------------------
Travis Bauer | CS Grad Student | IU | www.cs.indiana.edu/~trbauer
----------------------------------------------------------------

msteele@inet-interactif.com (msteele@inet-interactif.com) wrote:
>
> Hey folks, I sent out this question a while back without
> ever getting an answer, so here I go again :)
>
> Has anyone managed to compile a trusted plperl interpreter
> into postgres? The Opcode stuff which blocks the use of
> external modules, and 99% of perl's built-in operators
> really bugs me :(
>
> Since my postgres installations will never be accessible by
> end-users, there are no risks for me to set up a fully trusted
> interpreter. I think that if I could use perl's full power
> from inside postgres I could make it do some very impressive
> things and might simplify some application development.
>
> I would be more than glad to hack the code myself, but I know very
> little C. It would be amazing to be able to import arbitrary perl
> modules straight into stored functions for those of us
> who don't need the extra security that using Opcode provides.
>
> As a side note, the Opcode doesn't really provide that
> much security to the imbedded interpreter.
> Some of the functions
> which are allowed by the current setup can be easily used
> to crash a system (for example, a badly built regular expression
> with backreferences can eat up all available memory in seconds).
>
> Regards,
>
> --
> Mark Steele
> Vice president research and development
> Inet Technologies Inc.
> msteele@inet-interactif.com
>
> 010110010110111101110101001000000110000101110010011001010010000001100100011101010110110101100010
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
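
The distinction drawn in the reply above (permit one more opcode such as sqrt while the backquote operator stays blocked), shown with Perl's standard Safe and Opcode modules. This is an added example, not part of the original message and not plperl's source code; the `:default` starting mask, the helper `try_in` and the sample snippets are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example with constructed inputs; not taken from plperl.
use strict;
use warnings;
use Safe;

# Evaluate a snippet inside the compartment and report either its value
# or the error raised when an opcode is trapped by the operation mask.
sub try_in {
    my ($cpt, $code) = @_;
    my $result = $cpt->reval($code);
    if ($@) {
        (my $err = $@) =~ s/\s+\z//;
        return "DENIED ($err)";
    }
    $result = 'undef' unless defined $result;
    $result =~ s/\s+\z//;
    return "allowed, result = $result";
}

# Constructed snippets: harmless math, and a shell escape via backquotes.
my @snippets = (
    [ math      => 'sqrt(16)' ],
    [ backquote => '`echo reached the shell`' ],
);

# Assumption: the compartment starts from Opcode's ':default' tag,
# which leaves out the math ops and everything in ':subprocess'.
my $cpt = Safe->new;
$cpt->permit_only(':default');

print "-- mask: :default --\n";
printf "%-9s %s\n", $_->[0], try_in($cpt, $_->[1]) for @snippets;

# The "one or two lines" style of change: allow a single extra opcode.
# Nothing else is opened up, so the backquote op is still trapped.
$cpt->permit('sqrt');

print "-- mask: :default + sqrt --\n";
printf "%-9s %s\n", $_->[0], try_in($cpt, $_->[1]) for @snippets;
```

Permitting a named opcode (or a narrow tag such as `:base_math`) keeps the change auditable; tags like `:subprocess` and `:filesys_open` are the ones that would expose the shell and filesystem access the reply warns about.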