Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-12 Thread Robert Haas
On Fri, Feb 12, 2010 at 8:56 AM, Andrew Dunstan wrote: > There is documentation in Tim's patch I am working on right now. I don't > think anything else is needed. Cool. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-12 Thread Robert Haas
On Fri, Feb 12, 2010 at 5:40 AM, Tim Bunce wrote: > What happens to patches marked 'ready for committer' after the > commitfest ends? We talk about it and figure out what to do. It'll be some combination of (1) last-minute commits, (2) postponing things to 9.1, and (3) rejecting things we don't

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-12 Thread Andrew Dunstan
Robert Haas wrote: The discussion on this seems to have died off. Andrew, do you have something you're planning to commit for this? I think we're kind of down to the level of bikeshedding here... There is documentation in Tim's patch I am working on right now. I don't think anything e

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-12 Thread Andrew Dunstan
Tim Bunce wrote: That updated patch is in the commitfest https://commitfest.postgresql.org/action/patch_view?id=271 >From talking to Andrew via IM I understand he's very busy, and also that he'll be traveling on Sunday and Monday. I certainly hope he can commit this patch today (along with th

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-12 Thread Tim Bunce
On Fri, Feb 12, 2010 at 12:22:28AM -0500, Robert Haas wrote: > On Wed, Feb 3, 2010 at 6:41 PM, Andrew Dunstan wrote: > > Tom Lane wrote: > >> Andrew Dunstan writes: > >> > >>> %_SHARED has been around for several years now, and if there are genuine > >>> security concerns about it ISTM they would

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-11 Thread Robert Haas
On Wed, Feb 3, 2010 at 6:41 PM, Andrew Dunstan wrote: > > > Tom Lane wrote: >> >> Andrew Dunstan writes: >> >>> >>> %_SHARED has been around for several years now, and if there are genuine >>> security concerns about it ISTM they would apply today, regardless of these >>> patches. >>> >> >> Yes.

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Robert Haas
On Wed, Feb 3, 2010 at 6:41 PM, Andrew Dunstan wrote: >> What I was actually wondering about, however, is the extent to which >> the semantics of Perl code could be changed from an on_init hook --- >> is there any equivalent of changing search_path or otherwise creating >> trojan-horse code that m

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Andrew Dunstan
Tom Lane wrote: Andrew Dunstan writes: %_SHARED has been around for several years now, and if there are genuine security concerns about it ISTM they would apply today, regardless of these patches. Yes. I am not at all happy about inserting nonstandard permissions checks into GUC a

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Robert Haas
On Wed, Feb 3, 2010 at 2:38 PM, Tim Bunce wrote: >> What I was actually wondering about, however, is the extent to which >> the semantics of Perl code could be changed from an on_init hook --- >> is there any equivalent of changing search_path or otherwise creating >> trojan-horse code that might

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Tim Bunce
On Wed, Feb 03, 2010 at 02:04:47PM -0500, Tom Lane wrote: > Andrew Dunstan writes: > > %_SHARED has been around for several years now, and if there are genuine > > security concerns about it ISTM they would apply today, regardless of > > these patches. > > Yes. I am not at all happy about inse

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Tom Lane
Alex Hunsaker writes: > On Wed, Feb 3, 2010 at 12:04, Tom Lane wrote: >> Yes.  I am not at all happy about inserting nonstandard permissions >> checks into GUC assign hooks > I think Tims solution is just to check in plperl.c right before we > eval it so not at SET time. Well, that would be *c

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Alex Hunsaker
On Wed, Feb 3, 2010 at 12:04, Tom Lane wrote: > Andrew Dunstan writes: >> %_SHARED has been around for several years now, and if there are genuine >> security concerns about it ISTM they would apply today, regardless of >> these patches. > > Yes.  I am not at all happy about inserting nonstandard

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Robert Haas
On Wed, Feb 3, 2010 at 1:49 PM, Alex Hunsaker wrote: > On Wed, Feb 3, 2010 at 11:43, Alex Hunsaker wrote: >> On Wed, Feb 3, 2010 at 11:28, Tom Lane wrote: >>> Tim Bunce writes: I do see a need for a GRANT check and I'm adding one now (based on the code in CreateFunction() in functionc

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread David E. Wheeler
On Feb 3, 2010, at 11:04 AM, Tom Lane wrote: > What I was actually wondering about, however, is the extent to which > the semantics of Perl code could be changed from an on_init hook --- > is there any equivalent of changing search_path or otherwise creating > trojan-horse code that might be execu

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Tom Lane
Andrew Dunstan writes: > %_SHARED has been around for several years now, and if there are genuine > security concerns about it ISTM they would apply today, regardless of > these patches. Yes. I am not at all happy about inserting nonstandard permissions checks into GUC assign hooks --- they ar

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Andrew Dunstan
Tom Lane wrote: Tim Bunce writes: I do see a need for a GRANT check and I'm adding one now (based on the code in CreateFunction() in functioncmds.c - thanks to RhodiumToad on IRC for the pointer). What exactly are you proposing to check, and where, and what do you think that will fi

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Alex Hunsaker
On Wed, Feb 3, 2010 at 11:43, Alex Hunsaker wrote: > On Wed, Feb 3, 2010 at 11:28, Tom Lane wrote: >> Tim Bunce writes: >>> I do see a need for a GRANT check and I'm adding one now (based on >>> the code in CreateFunction() in functioncmds.c - thanks to RhodiumToad >>> on IRC for the pointer). >

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Alex Hunsaker
On Wed, Feb 3, 2010 at 11:28, Tom Lane wrote: > Tim Bunce writes: >> I do see a need for a GRANT check and I'm adding one now (based on >> the code in CreateFunction() in functioncmds.c - thanks to RhodiumToad >> on IRC for the pointer). > > What exactly are you proposing to check, and where, and

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Tom Lane
Tim Bunce writes: > I do see a need for a GRANT check and I'm adding one now (based on > the code in CreateFunction() in functioncmds.c - thanks to RhodiumToad > on IRC for the pointer). What exactly are you proposing to check, and where, and what do you think that will fix? If the concern is th

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Alex Hunsaker
On Wed, Feb 3, 2010 at 10:56, Tim Bunce wrote: > On Wed, Feb 03, 2010 at 10:18:51AM -0700, Alex Hunsaker wrote: >> On Wed, Feb 3, 2010 at 09:31, Tim Bunce wrote: >> > On Tue, Feb 02, 2010 at 08:42:21PM -0700, Alex Hunsaker wrote: >> >> On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: >> >> >> >>

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Tim Bunce
On Wed, Feb 03, 2010 at 10:18:51AM -0700, Alex Hunsaker wrote: > On Wed, Feb 3, 2010 at 09:31, Tim Bunce wrote: > > On Tue, Feb 02, 2010 at 08:42:21PM -0700, Alex Hunsaker wrote: > >> On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: > >> > >> >    SPI functions are not available when the code is r

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread David E. Wheeler
On Feb 3, 2010, at 9:21 AM, Alex Hunsaker wrote: >>> plperl.on_init - run on interpreter creation >>> plperl.on_plperl_init - run when then specialized for plperl >>> plperl.on_plperlu_init - run when then specialized for plperlu >> >> Hrm, I think I agree with Tom that we

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Alex Hunsaker
On Wed, Feb 3, 2010 at 10:18, Alex Hunsaker wrote: > On Wed, Feb 3, 2010 at 09:31, Tim Bunce wrote: >> On Tue, Feb 02, 2010 at 08:42:21PM -0700, Alex Hunsaker wrote: >> If we're going to bikeshed the names, I'd suggest: >> >>  plperl.on_init             - run on interpreter creation >>  plperl.o

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Alex Hunsaker
On Wed, Feb 3, 2010 at 09:31, Tim Bunce wrote: > On Tue, Feb 02, 2010 at 08:42:21PM -0700, Alex Hunsaker wrote: >> On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: >> >> >    SPI functions are not available when the code is run. >> >> Hrm, we might want to stick why in the docs or as a comment som

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Tim Bunce
On Tue, Feb 02, 2010 at 08:42:21PM -0700, Alex Hunsaker wrote: > On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: > > >    SPI functions are not available when the code is run. > > Hrm, we might want to stick why in the docs or as a comment somewhere. > I think this was the main concern? > > * W

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Tom Lane
Robert Haas writes: > On Wed, Feb 3, 2010 at 9:51 AM, Alex Hunsaker wrote: >> Hey! I don't think were quite to that nasty B word yet :)  I would >> argue that treating plperl and plperlu as the same language just >> because it shares the same code is a mistake.  But I hate the idea of >> two cust

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Robert Haas
On Wed, Feb 3, 2010 at 9:51 AM, Alex Hunsaker wrote: > Hey! I don't think were quite to that nasty B word yet :)  I would > argue that treating plperl and plperlu as the same language just > because it shares the same code is a mistake.  But I hate the idea of > two custom_variable_classes for plp

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Alex Hunsaker
On Wed, Feb 3, 2010 at 06:41, Andrew Dunstan wrote: > > > Alex Hunsaker wrote: > > Well its already in. > Well *that's* easily fixed.  I think it's a bad idea, because it's unclear what you should put there and what the security implications are. >>> >>>  I can't sp

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Andrew Dunstan
Alex Hunsaker wrote: Well its already in. Well *that's* easily fixed. I think it's a bad idea, because it's unclear what you should put there and what the security implications are. I can't speak for its virtue, maybe Tim, Andrew? plperl.on_perl_init runs when t

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-03 Thread Alex Hunsaker
On Wed, Feb 3, 2010 at 00:46, Alex Hunsaker wrote: > On Tue, Feb 2, 2010 at 22:50, Tom Lane wrote: >> Alex Hunsaker writes: >>> On Tue, Feb 2, 2010 at 21:38, Tom Lane wrote: Alex Hunsaker writes: > Yeah the both is gross.  How about: > plperl.on_plperl_init > plperl.on_plperlu

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Alex Hunsaker
On Tue, Feb 2, 2010 at 22:50, Tom Lane wrote: > Alex Hunsaker writes: >> On Tue, Feb 2, 2010 at 21:38, Tom Lane wrote: >>> Alex Hunsaker writes: Yeah the both is gross.  How about: plperl.on_plperl_init plperl.on_plperlu_init plperl.on_init ? >> Well its already in. > > Wel

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Magnus Hagander
On Wednesday, February 3, 2010, Tom Lane wrote: > Alex Hunsaker writes: >> On Tue, Feb 2, 2010 at 21:38, Tom Lane wrote: >>> Alex Hunsaker writes: Yeah the both is gross.  How about: plperl.on_plperl_init plperl.on_plperlu_init plperl.on_init ? >>> >>> I like the first two.

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Tom Lane
Alex Hunsaker writes: > On Tue, Feb 2, 2010 at 21:38, Tom Lane wrote: >> Alex Hunsaker writes: >>> Yeah the both is gross.  How about: >>> plperl.on_plperl_init >>> plperl.on_plperlu_init >>> plperl.on_init ? >> >> I like the first two.  The problem of selecting a good name for the >> third o

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Alex Hunsaker
On Tue, Feb 2, 2010 at 21:38, Tom Lane wrote: > Alex Hunsaker writes: >> Yeah the both is gross.  How about: >> plperl.on_plperl_init >> plperl.on_plperlu_init >> plperl.on_init ? > > I like the first two.  The problem of selecting a good name for the > third one is easily solved: don't have it.

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Tom Lane
Alex Hunsaker writes: > Yeah the both is gross. How about: > plperl.on_plperl_init > plperl.on_plperlu_init > plperl.on_init ? I like the first two. The problem of selecting a good name for the third one is easily solved: don't have it. What would it be except a headache and a likely security

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Alex Hunsaker
On Tue, Feb 2, 2010 at 20:46, Robert Haas wrote: > On Tue, Feb 2, 2010 at 10:46 PM, Robert Haas wrote: >> On Tue, Feb 2, 2010 at 10:42 PM, Alex Hunsaker wrote: >>> On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: This is an update the fourth of the patches to be split out from the form

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Robert Haas
On Tue, Feb 2, 2010 at 10:51 PM, Alvaro Herrera wrote: > Robert Haas escribió: >> On Tue, Feb 2, 2010 at 10:46 PM, Robert Haas wrote: >> > On Tue, Feb 2, 2010 at 10:42 PM, Alex Hunsaker wrote: >> >> On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: >> >>> This is an update the fourth of the patch

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Alvaro Herrera
Robert Haas escribió: > On Tue, Feb 2, 2010 at 10:46 PM, Robert Haas wrote: > > On Tue, Feb 2, 2010 at 10:42 PM, Alex Hunsaker wrote: > >> On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: > >>> This is an update the fourth of the patches to be split out from the > >>> former 'plperl feature patch

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Robert Haas
On Tue, Feb 2, 2010 at 10:46 PM, Robert Haas wrote: > On Tue, Feb 2, 2010 at 10:42 PM, Alex Hunsaker wrote: >> On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: >>> This is an update the fourth of the patches to be split out from the >>> former 'plperl feature patch 1'. >>> >>> Changes in this pat

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Robert Haas
On Tue, Feb 2, 2010 at 10:42 PM, Alex Hunsaker wrote: > On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: >> This is an update the fourth of the patches to be split out from the >> former 'plperl feature patch 1'. >> >> Changes in this patch: >> >> - Adds plperl.on_trusted_init and plperl.on_untrus

Re: [HACKERS] Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]

2010-02-02 Thread Alex Hunsaker
On Sat, Jan 30, 2010 at 08:49, Tim Bunce wrote: > This is an update the fourth of the patches to be split out from the > former 'plperl feature patch 1'. > > Changes in this patch: > > - Adds plperl.on_trusted_init and plperl.on_untrusted_init GUCs >    on_trusted_init is PGC_USERSET, on_untrusted