From afb17d912b4cb39dc31346dbb1d4816d5d0d687c Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Wed, 25 Jun 2003 01:18:58 +0000
Subject: > I've worked with the Pl/Python code in the past and will see about
 removing > rexec and making it an untrusted language.  Last time I looked, it
 didn't > look particularly difficult.  I've set aside some time next week, so
 stay > tuned.

Attached is a patch that removes all of the RExec code from plpython from
the current PostgreSQL CVS.  In addition, plpython needs to be changed to an
untrusted language in createlang.  Please let me know if there are any
problems.

Kevin Jacobs
---
 src/pl/plpython/plpython_error.sql | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

(limited to 'src/pl/plpython/plpython_error.sql')

diff --git a/src/pl/plpython/plpython_error.sql b/src/pl/plpython/plpython_error.sql
index 0cde4df9967..f1939eb8ffb 100644
--- a/src/pl/plpython/plpython_error.sql
+++ b/src/pl/plpython/plpython_error.sql
@@ -9,9 +9,5 @@ SELECT invalid_type_reraised('rick');
 SELECT valid_type('rick');
 
 -- Security sandbox tests
-SELECT read_file('/etc/passwd');
-SELECT write_file('/tmp/plpython','This is very bad');
-SELECT getpid();
-SELECT uname();
-SELECT sys_exit();
-SELECT sys_argv();
+SELECT write_file('/tmp/plpython','Only trusted users should be able to do this!');
+SELECT read_file('/tmp/plpython');
-- 
cgit v1.2.3