diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 13:44:03 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 13:44:03 +0000 |
commit | 293913568e6a7a86fd1479e1cff8e2ecb58d6568 (patch) | |
tree | fc3b469a3ec5ab71b36ea97cc7aaddb838423a0c /doc/src/sgml/html/plperl-trusted.html | |
parent | Initial commit. (diff) | |
download | postgresql-16-293913568e6a7a86fd1479e1cff8e2ecb58d6568.tar.xz postgresql-16-293913568e6a7a86fd1479e1cff8e2ecb58d6568.zip |
Adding upstream version 16.2.upstream/16.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/src/sgml/html/plperl-trusted.html')
-rw-r--r-- | doc/src/sgml/html/plperl-trusted.html | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/doc/src/sgml/html/plperl-trusted.html b/doc/src/sgml/html/plperl-trusted.html new file mode 100644 index 0000000..6729089 --- /dev/null +++ b/doc/src/sgml/html/plperl-trusted.html @@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>45.5. Trusted and Untrusted PL/Perl</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="plperl-global.html" title="45.4. Global Values in PL/Perl" /><link rel="next" href="plperl-triggers.html" title="45.6. PL/Perl Triggers" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">45.5. Trusted and Untrusted PL/Perl</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="plperl-global.html" title="45.4. Global Values in PL/Perl">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="plperl.html" title="Chapter 45. PL/Perl — Perl Procedural Language">Up</a></td><th width="60%" align="center">Chapter 45. PL/Perl — Perl Procedural Language</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 16.2 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="plperl-triggers.html" title="45.6. PL/Perl Triggers">Next</a></td></tr></table><hr /></div><div class="sect1" id="PLPERL-TRUSTED"><div class="titlepage"><div><div><h2 class="title" style="clear: both">45.5. Trusted and Untrusted PL/Perl <a href="#PLPERL-TRUSTED" class="id_link">#</a></h2></div></div></div><a id="id-1.8.10.13.2" class="indexterm"></a><p> + Normally, PL/Perl is installed as a <span class="quote">“<span class="quote">trusted</span>”</span> programming + language named <code class="literal">plperl</code>. In this setup, certain Perl + operations are disabled to preserve security. In general, the + operations that are restricted are those that interact with the + environment. This includes file handle operations, + <code class="literal">require</code>, and <code class="literal">use</code> (for + external modules). There is no way to access internals of the + database server process or to gain OS-level access with the + permissions of the server process, + as a C function can do. Thus, any unprivileged database user can + be permitted to use this language. + </p><p> + Here is an example of a function that will not work because file + system operations are not allowed for security reasons: +</p><pre class="programlisting"> +CREATE FUNCTION badfunc() RETURNS integer AS $$ + my $tmpfile = "/tmp/badfile"; + open my $fh, '>', $tmpfile + or elog(ERROR, qq{could not open the file "$tmpfile": $!}); + print $fh "Testing writing to a file\n"; + close $fh or elog(ERROR, qq{could not close the file "$tmpfile": $!}); + return 1; +$$ LANGUAGE plperl; +</pre><p> + The creation of this function will fail as its use of a forbidden + operation will be caught by the validator. + </p><p> + Sometimes it is desirable to write Perl functions that are not + restricted. For example, one might want a Perl function that sends + mail. To handle these cases, PL/Perl can also be installed as an + <span class="quote">“<span class="quote">untrusted</span>”</span> language (usually called + <span class="application">PL/PerlU</span><a id="id-1.8.10.13.5.3" class="indexterm"></a>). + In this case the full Perl language is available. When installing the + language, the language name <code class="literal">plperlu</code> will select + the untrusted PL/Perl variant. + </p><p> + The writer of a <span class="application">PL/PerlU</span> function must take care that the function + cannot be used to do anything unwanted, since it will be able to do + anything that could be done by a user logged in as the database + administrator. Note that the database system allows only database + superusers to create functions in untrusted languages. + </p><p> + If the above function was created by a superuser using the language + <code class="literal">plperlu</code>, execution would succeed. + </p><p> + In the same way, anonymous code blocks written in Perl can use + restricted operations if the language is specified as + <code class="literal">plperlu</code> rather than <code class="literal">plperl</code>, but the caller + must be a superuser. + </p><div class="note"><h3 class="title">Note</h3><p> + While <span class="application">PL/Perl</span> functions run in a separate Perl + interpreter for each SQL role, all <span class="application">PL/PerlU</span> functions + executed in a given session run in a single Perl interpreter (which is + not any of the ones used for <span class="application">PL/Perl</span> functions). + This allows <span class="application">PL/PerlU</span> functions to share data freely, + but no communication can occur between <span class="application">PL/Perl</span> and + <span class="application">PL/PerlU</span> functions. + </p></div><div class="note"><h3 class="title">Note</h3><p> + Perl cannot support multiple interpreters within one process unless + it was built with the appropriate flags, namely either + <code class="literal">usemultiplicity</code> or <code class="literal">useithreads</code>. + (<code class="literal">usemultiplicity</code> is preferred unless you actually need + to use threads. For more details, see the + <span class="citerefentry"><span class="refentrytitle">perlembed</span></span> man page.) + If <span class="application">PL/Perl</span> is used with a copy of Perl that was not built + this way, then it is only possible to have one Perl interpreter per + session, and so any one session can only execute either + <span class="application">PL/PerlU</span> functions, or <span class="application">PL/Perl</span> functions + that are all called by the same SQL role. + </p></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="plperl-global.html" title="45.4. Global Values in PL/Perl">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="plperl.html" title="Chapter 45. PL/Perl — Perl Procedural Language">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="plperl-triggers.html" title="45.6. PL/Perl Triggers">Next</a></td></tr><tr><td width="40%" align="left" valign="top">45.4. Global Values in PL/Perl </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 16.2 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 45.6. PL/Perl Triggers</td></tr></table></div></body></html>
\ No newline at end of file |