Re: Possible major bug in PlPython (plus some other ideas)
| От | Kevin Jacobs |
|---|---|
| Тема | Re: Possible major bug in PlPython (plus some other ideas) |
| Дата | |
| Msg-id | Pine.LNX.4.33.0111091331230.6879-100000@penguin.theopalgroup.com обсуждение исходный текст |
| Ответ на | Re: Possible major bug in PlPython (plus some other ideas) (Hannu Krosing <hannu@tm.ee>) |
| Список | pgsql-hackers |
On Fri, 9 Nov 2001, Hannu Krosing wrote: > Kevin Jacobs wrote: > > > > > > 1) If Plpython is installed as a trusted language, and from what little I > > > > can glean from the documentation, it should not have any filesystem access. > > > > However, the default behavior of the restricted execution environment > > > > being used allows read-only filesystem access. > > > > > > we have 'read-only filesystem access anyhow' : > > > > Then I consider this a bug if a non-super-user can do this. > > It's not that bad - only postgresql superuser can use copy to/from file Ah -- then it still means we should take read-only filesystem access away from plpython for now. If we want to implemente a trusted mode, then we can add it back in. -Kevin -- Kevin Jacobs The OPAL Group - Enterprise Systems Architect Voice: (216) 986-0710 x 19 E-mail: jacobs@theopalgroup.com Fax: (216) 986-0714 WWW: http://www.theopalgroup.com
В списке pgsql-hackers по дате отправления: