Re: Add on_trusted_init and on_untrusted_init to plperl [PATCH]
Tim Bunce <tim.bunce@pobox.com>
From: Tim Bunce <Tim.Bunce@pobox.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Andrew Dunstan <andrew@dunslane.net>, Tim Bunce <Tim.Bunce@pobox.com>, pgsql-hackers@postgresql.org
Date: 2010-01-28T19:55:09Z
Lists: pgsql-hackers
On Thu, Jan 28, 2010 at 12:12:58PM -0500, Tom Lane wrote: > Andrew Dunstan <andrew@dunslane.net> writes: > > Tom Lane wrote: > >> Isn't it a security hole if on_trusted_init is USERSET? That means > >> an unprivileged user can determine what will happen in plperlu. > >> SUSET would be saner. > > > ITYM on_untrusted_init. > > Right, sorry, got 'em backwards. I've done that several times. The naming is tricky because it's very dependent on your point of view. The 'trusted' language is for running 'untrusted' code and the 'untrusted' language is for running 'trusted' code. The naming convention is unfortunate. Just an observation from a newbie. I imagine it's been pointed out before. Tim.