<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>38.5. Trusted and Untrusted PL/Perl</title>
<link rel="stylesheet" href="stylesheet.css" type="text/css">
<link rev="made" href="pgsql-docs@postgresql.org">
<meta name="generator" content="DocBook XSL Stylesheets V1.70.0">
<link rel="start" href="index.html" title="PostgreSQL 8.1.4 Documentation">
<link rel="up" href="plperl.html" title="Chapter 38. PL/Perl - Perl Procedural Language">
<link rel="prev" href="plperl-global.html" title="38.4. Global Values in PL/Perl">
<link rel="next" href="plperl-triggers.html" title="38.6. PL/Perl Triggers">
<link rel="copyright" href="ln-legalnotice.html" title="Legal Notice">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="plperl-trusted"></a>38.5. Trusted and Untrusted PL/Perl</h2></div></div></div>
<a name="id732375"></a><p> Normally, PL/Perl is installed as a “<span class="quote">trusted</span>” programming
language named <code class="literal">plperl</code>. In this setup, certain Perl
operations are disabled to preserve security. In general, the
operations that are restricted are those that interact with the
environment. This includes file handle operations,
<code class="literal">require</code>, and <code class="literal">use</code> (for
external modules). There is no way to access internals of the
database server process or to gain OS-level access with the
permissions of the server process,
as a C function can do. Thus, any unprivileged database user may
be permitted to use this language.
</p>
<p> Here is an example of a function that will not work because file
system operations are not allowed for security reasons:
</p>
<pre class="programlisting">CREATE FUNCTION badfunc() RETURNS integer AS $$
    my $tmpfile = "/tmp/badfile";
    open my $fh, '>', $tmpfile
        or elog(ERROR, qq{Could not open the file "$tmpfile": $!});
    print $fh "Testing writing to a file\n";
    close $fh or elog(ERROR, qq{Could not close the file "$tmpfile": $!});
    return 1;
$$ LANGUAGE plperl;</pre>
<p>
The creation of this function will fail as its use of a forbidden
operation will be caught by the validator.
</p>
<p> Sometimes it is desirable to write Perl functions that are not
restricted. For example, one might want a Perl function that sends
mail. To handle these cases, PL/Perl can also be installed as an
“<span class="quote">untrusted</span>” language (usually called
<span class="application">PL/PerlU</span><a name="id732468"></a>).
In this case the full Perl language is available. If the
<code class="command">createlang</code> program is used to install the
language, the language name <code class="literal">plperlu</code> will select
the untrusted PL/Perl variant.
</p>
<p> The writer of a <span class="application">PL/PerlU</span> function must take care that the function
cannot be used to do anything unwanted, since it will be able to do
anything that could be done by a user logged in as the database
administrator. Note that the database system allows only database
superusers to create functions in untrusted languages.
</p>
<p> If the above function were created by a superuser using the language
<code class="literal">plperlu</code>, execution would succeed.
</p>
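<p> Because a <span class="application">PL/PerlU</span> function runs unrestricted Perl, it is worth knowing
which such functions exist and who may call them. The following catalog query is an added example, not part
of the original documentation; it assumes only the standard system catalogs
<code class="literal">pg_proc</code>, <code class="literal">pg_language</code> and
<code class="literal">pg_namespace</code>.
</p>

```sql
-- Added example: list every function written in an untrusted procedural
-- language (plperlu and any other PL with lanpltrusted = false).
--
-- lanispl      : true for installed procedural languages, false for the
--                built-in internal/C/SQL languages
-- lanpltrusted : false for untrusted variants such as plperlu
-- prosecdef    : true if the function is SECURITY DEFINER, i.e. it runs
--                with the privileges of its owner rather than the caller
-- proacl       : NULL means the default privileges still apply, and the
--                default for functions grants EXECUTE to PUBLIC
SELECT n.nspname                    AS schema_name,
       p.proname                    AS function_name,
       l.lanname                    AS language,
       pg_get_userbyid(p.proowner)  AS owner,
       p.prosecdef                  AS security_definer,
       (p.proacl IS NULL)           AS default_acl_public_execute,
       p.proacl                     AS explicit_acl
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanispl
  AND NOT l.lanpltrusted
ORDER BY p.prosecdef DESC,          -- SECURITY DEFINER functions first
         (p.proacl IS NULL) DESC,   -- then those still callable by PUBLIC
         n.nspname,
         p.proname;
```

<p> A row with <code class="literal">default_acl_public_execute</code> true is callable by every database
user; if the function from the example above had been created under <code class="literal">plperlu</code>,
<code class="literal">REVOKE EXECUTE ON FUNCTION badfunc() FROM PUBLIC;</code> would restrict it to its owner
and to roles granted the privilege explicitly.
</p>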
</div></body>
</html>