Tuesday, August 5, 2008

Re: [HACKERS] PL/PythonU

Hannu Krosing wrote:
> On Mon, 2008-08-04 at 13:08 -0400, David Blewett wrote:
>> Hi All:
>>
>> This is an off-shoot of the "Do we really want to migrate plproxy and
>> citext into PG core distribution?" thread.
>>
>> On the way home from PyOhio, I had a conversation with a few people
>> that use Zope a lot. I happened to mention that Postgres doesn't have
>> an untrusted version of pl/python and they were curious as to why.

Personally I'm also constantly mentioning it :-)

>> They directed me to Zope's Restricted Python implementation [1][2]. In
>> doing some research, I found the "Pl/Python -- current maintainer?"
>> [3] thread from 2006. I also found this [4] thread on the python-dev
>> mailing list.
>>
>> Hannu: You had mentioned bringing pl/python up to the level of some of
>> the other pl's. Have you thought any more about pl/pythonu?
>
> My recollection of old times (about python v. 1.6) was that the
> restricted sandboxes had some fatal flaws. I have not followed zope's
> RestrictedPython enough to have an opinion on its safety.

Yes, the old sandbox (restricted execution and bastion) used a
realatively naive approach of basically limiting only imports and iirc.
some file access objects.
That beeing not really bullet proof so these modules have been
removed. This should not be confused with the different approach
restricted python uses and which proofes to be successfull to date.

Regards
Tino

No comments: