Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

Alex Hunsaker <badalex@gmail.com>

From: Alex Hunsaker <badalex@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Tim Bunce <Tim.Bunce@pobox.com>, pgsql-hackers@postgresql.org, Robert Haas <robertmhaas@gmail.com>
Date: 2010-02-03T18:43:40Z
Lists: pgsql-hackers
On Wed, Feb 3, 2010 at 11:28, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Tim Bunce <Tim.Bunce@pobox.com> writes:
>> I do see a need for a GRANT check and I'm adding one now (based on
>> the code in CreateFunction() in functioncmds.c - thanks to RhodiumToad
>> on IRC for the pointer).
>
> What exactly are you proposing to check, and where, and what do you
> think that will fix?

Non plperl GRANTed people could modify the global $_SHARED variable.
Currently anyone that can make a plperl function can do anything they
want with $_SHARED.  So In my mind disallowing them to set
plperl.plperl_safe_init would make the permission model of $_SHARED
consistent.  No?  Now im not saying its a good permission model...