Re: Interpretation of TRUSTED
| От | Andrew Dunstan |
|---|---|
| Тема | Re: Interpretation of TRUSTED |
| Дата | |
| Msg-id | 4209497B.2010205@dunslane.net обсуждение исходный текст |
| Ответ на | Re: Interpretation of TRUSTED (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
Tom Lane wrote: > > >>On Tue, Feb 08, 2005 at 11:12:07PM +0100, Thomas Hallgren wrote: >> >> >>>Is it OK to design a trusted language so that it allows access to >>>the filesystem provided that the session user is a super-user? >>> >>> > >AFAICS, what Thomas proposes would be exactly equivalent to root running >scripts owned by non-root users --- in this case, if session user is >root then functions written by other people would be allowed to do >things they normally shouldn't be able to do. It strikes me as a great >loophole for Trojan-horse functions. Not that a sane superuser would >run functions controlled by other people in the first place. > > > > Agreed. It's also not how other PLs work. I don't think this definition should be up to the individual language. So my answer to his question above would be "No". cheers andrew
В списке pgsql-hackers по дате отправления: