summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/html/plperl-trusted.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/src/sgml/html/plperl-trusted.html')
-rw-r--r--doc/src/sgml/html/plperl-trusted.html72
1 files changed, 72 insertions, 0 deletions
diff --git a/doc/src/sgml/html/plperl-trusted.html b/doc/src/sgml/html/plperl-trusted.html
new file mode 100644
index 0000000..becf7fd
--- /dev/null
+++ b/doc/src/sgml/html/plperl-trusted.html
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>44.5. Trusted and Untrusted PL/Perl</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="plperl-global.html" title="44.4. Global Values in PL/Perl" /><link rel="next" href="plperl-triggers.html" title="44.6. PL/Perl Triggers" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">44.5. Trusted and Untrusted PL/Perl</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="plperl-global.html" title="44.4. Global Values in PL/Perl">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="plperl.html" title="Chapter 44. PL/Perl — Perl Procedural Language">Up</a></td><th width="60%" align="center">Chapter 44. PL/Perl — Perl Procedural Language</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="plperl-triggers.html" title="44.6. PL/Perl Triggers">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="PLPERL-TRUSTED"><div class="titlepage"><div><div><h2 class="title" style="clear: both">44.5. Trusted and Untrusted PL/Perl</h2></div></div></div><a id="id-1.8.10.13.2" class="indexterm"></a><p>
+ Normally, PL/Perl is installed as a <span class="quote">“<span class="quote">trusted</span>”</span> programming
+ language named <code class="literal">plperl</code>. In this setup, certain Perl
+ operations are disabled to preserve security. In general, the
+ operations that are restricted are those that interact with the
+ environment. This includes file handle operations,
+ <code class="literal">require</code>, and <code class="literal">use</code> (for
+ external modules). There is no way to access internals of the
+ database server process or to gain OS-level access with the
+ permissions of the server process,
+ as a C function can do. Thus, any unprivileged database user can
+ be permitted to use this language.
+ </p><p>
+ Here is an example of a function that will not work because file
+ system operations are not allowed for security reasons:
+</p><pre class="programlisting">
+CREATE FUNCTION badfunc() RETURNS integer AS $$
+ my $tmpfile = "/tmp/badfile";
+ open my $fh, '&gt;', $tmpfile
+ or elog(ERROR, qq{could not open the file "$tmpfile": $!});
+ print $fh "Testing writing to a file\n";
+ close $fh or elog(ERROR, qq{could not close the file "$tmpfile": $!});
+ return 1;
+$$ LANGUAGE plperl;
+</pre><p>
+ The creation of this function will fail as its use of a forbidden
+ operation will be caught by the validator.
+ </p><p>
+ Sometimes it is desirable to write Perl functions that are not
+ restricted. For example, one might want a Perl function that sends
+ mail. To handle these cases, PL/Perl can also be installed as an
+ <span class="quote">“<span class="quote">untrusted</span>”</span> language (usually called
+ <span class="application">PL/PerlU</span><a id="id-1.8.10.13.5.3" class="indexterm"></a>).
+ In this case the full Perl language is available. When installing the
+ language, the language name <code class="literal">plperlu</code> will select
+ the untrusted PL/Perl variant.
+ </p><p>
+ The writer of a <span class="application">PL/PerlU</span> function must take care that the function
+ cannot be used to do anything unwanted, since it will be able to do
+ anything that could be done by a user logged in as the database
+ administrator. Note that the database system allows only database
+ superusers to create functions in untrusted languages.
+ </p><p>
+ If the above function was created by a superuser using the language
+ <code class="literal">plperlu</code>, execution would succeed.
+ </p><p>
+ In the same way, anonymous code blocks written in Perl can use
+ restricted operations if the language is specified as
+ <code class="literal">plperlu</code> rather than <code class="literal">plperl</code>, but the caller
+ must be a superuser.
+ </p><div class="note"><h3 class="title">Note</h3><p>
+ While <span class="application">PL/Perl</span> functions run in a separate Perl
+ interpreter for each SQL role, all <span class="application">PL/PerlU</span> functions
+ executed in a given session run in a single Perl interpreter (which is
+ not any of the ones used for <span class="application">PL/Perl</span> functions).
+ This allows <span class="application">PL/PerlU</span> functions to share data freely,
+ but no communication can occur between <span class="application">PL/Perl</span> and
+ <span class="application">PL/PerlU</span> functions.
+ </p></div><div class="note"><h3 class="title">Note</h3><p>
+ Perl cannot support multiple interpreters within one process unless
+ it was built with the appropriate flags, namely either
+ <code class="literal">usemultiplicity</code> or <code class="literal">useithreads</code>.
+ (<code class="literal">usemultiplicity</code> is preferred unless you actually need
+ to use threads. For more details, see the
+ <span class="citerefentry"><span class="refentrytitle">perlembed</span></span> man page.)
+ If <span class="application">PL/Perl</span> is used with a copy of Perl that was not built
+ this way, then it is only possible to have one Perl interpreter per
+ session, and so any one session can only execute either
+ <span class="application">PL/PerlU</span> functions, or <span class="application">PL/Perl</span> functions
+ that are all called by the same SQL role.
+ </p></div></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="plperl-global.html" title="44.4. Global Values in PL/Perl">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="plperl.html" title="Chapter 44. PL/Perl — Perl Procedural Language">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="plperl-triggers.html" title="44.6. PL/Perl Triggers">Next</a></td></tr><tr><td width="40%" align="left" valign="top">44.4. Global Values in PL/Perl </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 44.6. PL/Perl Triggers</td></tr></table></div></body></html> \ No newline at end of file