| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Jon Jensen <jon(at)endpoint(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: plperl Safe restrictions |
| Date: | 2004-10-15 15:16:05 |
| Message-ID: | [email protected] |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> You can now - it's part of :base_math. What we should do, however, is
> disallow is calling srand, since pg goes to quite a bit of trouble to
> seed the PRNG.
But changing the PRNG seed within one backend is not a security issue.
At least, we allow anyone to do "SET SEED" or call setseed, so I don't
see any reason to disallow it in plperl.
In general I'm pretty sure that no one has reviewed the list of
restrictions carefully, so by all means send in a patch once you've
done so.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-10-15 15:18:45 | Re: plperl Safe restrictions |
| Previous Message | Dave Page | 2004-10-15 14:12:26 | Re: get_progname and .exe suffix |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-10-15 15:18:45 | Re: plperl Safe restrictions |
| Previous Message | Reini Urban | 2004-10-15 10:43:14 | pg_regress --temp-keep |