Re: Specification for Trusted PLs?
From | Andrew Dunstan |
---|---|
Subject | Re: Specification for Trusted PLs? |
Date | |
Msg-id | 4BFFB616.9040002@dunslane.net |
In reply to | Re: Specification for Trusted PLs? (Sam Mason <sam@samason.me.uk>) |
List | pgsql-hackers |
Sam Mason wrote:
> On Thu, May 27, 2010 at 11:09:26PM -0400, Tom Lane wrote:
>
>> David Fetter <david@fetter.org> writes:
>>
>>> I don't know about a *good* idea, but here's the one I've got.
>>>
>>> 1. Make a whitelist. This is what needs to work in order for a
>>> language to be a fully functional trusted PL.
>>>
>> Well, I pretty much lose interest right here, because this is already
>> assuming that every potentially trusted PL is isomorphic in its
>> capabilities.
>>
>
> That's not normally a problem. The conventional way would be to place
> the interpreter in its own sandbox, similar to how Chrome has each tab
> running in its own process. These processes are protected in a way
> so that the code running inside them can't do any harm--e.g. a ptrace
> jail[1]. This is quite a change from existing pl implementations, and
> present a different set of performance/compatibility issues.
>
>

I have my own translation of this last sentence.

cheers

andrew