Howdy,
On Fri, May 21, 2010 at 11:21 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> So... can we get back to coming up with a reasonable
>> definition,
>
> (1) no access to system calls (including file and network I/O)
>
> (2) no access to process memory, other than variables defined within the
> PL.
>
> What else?
I ran across this comment in PL/Perl while implementing PL/Parrot, and
I think it should be taken into consideration for the definition of
trusted/untrusted:
/** plperl.on_plperl_init is currently PGC_SUSET to avoid issues whereby a* user who doesn't have USAGE privileges on
theplperl language could* possibly use SET plperl.on_plperl_init='...' to influence the behaviour* of any existing
plperlfunction that they can EXECUTE (which may be* security definer). Set*
http://archives.postgresql.org/pgsql-hackers/2010-02/msg00281.phpand* the overall thread.*/
Duke
--
Jonathan "Duke" Leto
jonathan@leto.net
http://leto.net