Tim Bunce wrote:
FYI the maintainers of Safe are aware of (at least) two exploits which are being considered at the moment. You might want to soften the wording in http://developer.postgresql.org/pgdocs/postgres/plperl-trusted.html "There is no way to ..." is a stronger statement than can be justified.
Perhaps "There is no way provided to ...".
The docs for Safe http://search.cpan.org/~rgarcia/Safe-2.23/Safe.pm#WARNING say "The authors make no warranty, implied or otherwise, about the suitability of this software for safety or security purposes".
Well, we could put in similar weasel words I guess. But after all, Safe's very purpose is to provide a restricted execution environment, no?
cheers andrew -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
