Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]
Alex Hunsaker <badalex@gmail.com>
From: Alex Hunsaker <badalex@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Tim Bunce <Tim.Bunce@pobox.com>, pgsql-hackers@postgresql.org, Robert Haas <robertmhaas@gmail.com>
Date: 2010-02-03T18:49:01Z
Lists: pgsql-hackers
On Wed, Feb 3, 2010 at 11:43, Alex Hunsaker <badalex@gmail.com> wrote: > On Wed, Feb 3, 2010 at 11:28, Tom Lane <tgl@sss.pgh.pa.us> wrote: >> Tim Bunce <Tim.Bunce@pobox.com> writes: >>> I do see a need for a GRANT check and I'm adding one now (based on >>> the code in CreateFunction() in functioncmds.c - thanks to RhodiumToad >>> on IRC for the pointer). >> >> What exactly are you proposing to check, and where, and what do you >> think that will fix? > > Non plperl ... Put another way: HEAD: only people with plperl granted can make functions to manipulate $_SHARED PATCH: anyone can set plperl.plperl_safe_init (but note not plperlu_init as its SUSER) and manipulate $_SHARED Proposed fix: only people with plperl granted can set plperl.plplerl_safe_init and hence restore HEAD behavior