Sam Mason wrote:
On Thu, May 27, 2010 at 11:09:26PM -0400, Tom Lane wrote:
David Fetter writes:
I don't know about a *good* idea, but here's the one I've got.
1. Make a whitelist. This is what needs to work in order for a
language to be a fully functional trusted PL.
Well, I pretty much lose interest right here, because this is already
assuming that every potentially trusted PL is isomorphic in its

That's not normally a problem.  The conventional way would be to place
the interpreter in its own sandbox, similar to how Chrome has each tab
running in its own process.  These processes are protected in a way
so that the code running inside them can't do any harm--e.g. a ptrace
jail[1].  This is quite a change from existing pl implementations, and
presents a different set of performance/compatibility issues.

I have my own translation of this last sentence.


