Tom Lane wrote:
> On Tue, Feb 08, 2005 at 11:12:07PM +0100, Thomas Hallgren wrote:
>> Is it OK to design a trusted language so that it allows access to
>> the filesystem provided that the session user is a super-user?
>
> AFAICS, what Thomas proposes would be exactly equivalent to root running scripts owned by non-root users --- in this case, if the session user is root then functions written by other people would be allowed to do things they normally shouldn't be able to do. It strikes me as a great loophole for Trojan-horse functions. Not that a sane superuser would run functions controlled by other people in the first place.
Agreed.
It's also not how other PLs work. I don't think this definition should be up to the individual language. So my answer to his question above would be "No".
cheers
andrew
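The loophole Tom describes, shown concretely in SQL. This is an added example, not code from the thread or from PL/Java: it uses plpgsql as a stand-in for any trusted PL, and the role names "alice" and "postgres" are assumptions. The point is what a function's code sees in session_user when a superuser invokes code that somebody else wrote.

```sql
-- Added example (not part of the original thread). Run the first block as the
-- superuser; "alice" is a hypothetical ordinary user, "postgres" the superuser.
CREATE USER alice;
-- Trusted languages normally already allow USAGE to public; made explicit here.
GRANT USAGE ON LANGUAGE plpgsql TO alice;

-- Become alice and define an innocent-looking function in a trusted PL.
-- Any user with USAGE on the language can do this; no superuser is involved.
SET SESSION AUTHORIZATION alice;
CREATE FUNCTION whoami() RETURNS text AS $$
BEGIN
  -- A PL that gated filesystem access on session_user would look at exactly
  -- this value when deciding whether alice's code may touch the filesystem.
  RETURN 'session_user=' || session_user || ' current_user=' || current_user;
END
$$ LANGUAGE plpgsql;
RESET SESSION AUTHORIZATION;

-- Back as the superuser, call the function alice wrote (a view, trigger,
-- index expression or column default owned by alice would work the same way).
SELECT whoami();
-- Expected result:  session_user=postgres current_user=postgres
```

The code in whoami() was written by alice, yet the moment a superuser runs it the session user is postgres, so a trusted language whose filesystem gate is "session user is a superuser" would hand alice's code that access. This is why the existing PLs draw the line at definition time instead: an untrusted variant (plperlu, plpythonu) only lets superusers create functions at all, so the person trusted with unrestricted access is the person who wrote the code, not whoever happens to call it later.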