Re: Safe security
| От | Andrew Dunstan |
|---|---|
| Тема | Re: Safe security |
| Дата | |
| Msg-id | 4B8E8F61.9030008@dunslane.net обсуждение исходный текст |
| Ответ на | Safe security (was: plperl _init settings) (Tim Bunce <Tim.Bunce@pobox.com>) |
| Ответы |
Re: Safe security
Re: Safe security |
| Список | pgsql-hackers |
Tim Bunce wrote: > FYI the maintainers of Safe are aware of (at least) two exploits which > are being considered at the moment. > > You might want to soften the wording in > http://developer.postgresql.org/pgdocs/postgres/plperl-trusted.html > "There is no way to ..." is a stronger statement than can be justified. > Perhaps "There is no way provided to ...". > The docs for Safe http://search.cpan.org/~rgarcia/Safe-2.23/Safe.pm#WARNING > say "The authors make no warranty, implied or otherwise, about the > suitability of this software for safety or security purposes". > > > Well, we could put in similar weasel words I guess. But after all, Safe's very purpose is to provide a restricted execution environment, no? cheers andrew
В списке pgsql-hackers по дате отправления: