Re: allow building trusted languages without the untrusted versions
From: Robert Haas
Subject: Re: allow building trusted languages without the untrusted versions
Date:
Msg-id: CA+TgmoaifUaJRRqAHiJ+4dYRNkU-CG=TJsGPKpMmfPfCY3RVKg@mail.gmail.com
In reply to: Re: allow building trusted languages without the untrusted versions (Stephen Frost <sfrost@snowman.net>)
List: pgsql-hackers
On Wed, May 25, 2022 at 4:07 PM Stephen Frost <sfrost@snowman.net> wrote:
> The very specific "it'd be nice to build PG w/o having untrusted
> languages compiled in" is at least reasonably clearly contained and
> reasonable to see if we are, in fact, doing what we claim we're doing
> with such a switch. A switch that's "--disable-disk-access" seems to
> be basically impossible for it to *really* do what a simple reading of
> the option implies (clearly we're going to access the disk..) and even
> if we try to say "well, not direct disk access" then does that need to
> disable ALTER SYSTEM (or just for certain GUCs..?) along with things
> like pg_write_server_files and pg_execute_server_programs, and probably
> modifying pg_proc and maybe modification of the other PG catalogs? But
> then, what if you actually need to modify pg_proc due to what we say to
> do in release notes or for other reasons? Would you have to replace the
> PG binaries to do so? That doesn't strike me as particularly
> reasonable.

+1 to all that. The original proposal was self-contained and reasonable
on its face. Blowing it up into a general --disable-disk-access feature
makes it both a lot more difficult and a lot less well-defined.

-- 
Robert Haas
EDB: http://www.enterprisedb.com