Replacing rexec
John J. Lee
jjl at pobox.com
Wed Jul 16 14:52:25 EDT 2003
Tim Gerla <tgerla at outsourcefinancial.com> writes:
[...]
> We are looking to use plpython in PostgreSQL, but it's being downgraded
> to "untrusted" and/or being completely removed because Python's rexec
> went away. Why did rexec go away, specifically? I know it had security
> issues, but couldn't these have been fixed? Did the module just have too
> many integral flaws in the design to be worth saving?
http://www.google.com/groups?as_q=rexec%20python-dev
> Is anyone working on a replacement? If not, why not? Even if plpython
> isn't very widely used, I think it's still important for advocacy. I'd
> much rather write Python than PL.
It might well be important for advocacy if it's insecure in some
important sense -- just not for advocates of Python ;-)
Have you considered using Jython, and making use of Java's sandbox
scheme? Google tells me PostgreSQL can do Java stored procedures, but
I don't know whether it's feasible to get Jython running in that
environment.
> Anyway, I'm looking for a summary of specific reasons why rexec went
> away without a replacement. I understand completely that it had flaws
> and was insecure; I'm only confused as to why these flaws were
> insurmountable.
There were a couple of known flaws, but I don't think the problem was
that they were insurmountable -- rather, it was just that the manpower
and eyeball-power was (and is) not there to get to a point where
people could be justifiably confident in rexec.
John
More information about the Python-list
mailing list