Tom Lane wrote:
David Helgason <[EMAIL PROTECTED]> writes:
A postgres question I don't know the answer to is whether allowing the user to trigger a segfault is a security problem.
It would not be cool for a trusted language to allow such things, that's for sure.
You could debate back and forth about whether we ought to allow it and warn that some versions of Perl may have exploitable bugs, but I'd prefer to err on the side of conservatism.
Well, the flipside of that is that we would force people to use the untrusted version for these ops. This isn't a hypothetical case - it was discovered by my giving Josh Berkus a solution to a problem he had which required sorting in plperl, and which he found would only run under plperlu.
The question in my mind is "What are we protecting against?" ISTM it is the use of the pl as a vector to attack the machine and postgres. Does a segfault come into that category? After all, isn't it one of postgres's strengths that we can survive individual backends crashing?
(Re srand, just remove "!srand" from the patch I sent in).
cheers
andrew
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match
