1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>45.5. Trusted and Untrusted PL/Perl</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="plperl-global.html" title="45.4. Global Values in PL/Perl" /><link rel="next" href="plperl-triggers.html" title="45.6. PL/Perl Triggers" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">45.5. Trusted and Untrusted PL/Perl</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="plperl-global.html" title="45.4. Global Values in PL/Perl">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="plperl.html" title="Chapter 45. PL/Perl — Perl Procedural Language">Up</a></td><th width="60%" align="center">Chapter 45. PL/Perl — Perl Procedural Language</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 16.2 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="plperl-triggers.html" title="45.6. PL/Perl Triggers">Next</a></td></tr></table><hr /></div><div class="sect1" id="PLPERL-TRUSTED"><div class="titlepage"><div><div><h2 class="title" style="clear: both">45.5. Trusted and Untrusted PL/Perl <a href="#PLPERL-TRUSTED" class="id_link">#</a></h2></div></div></div><a id="id-1.8.10.13.2" class="indexterm"></a><p>
Normally, PL/Perl is installed as a <span class="quote">“<span class="quote">trusted</span>”</span> programming
language named <code class="literal">plperl</code>. In this setup, certain Perl
operations are disabled to preserve security. In general, the
operations that are restricted are those that interact with the
environment. This includes file handle operations,
<code class="literal">require</code>, and <code class="literal">use</code> (for
external modules). There is no way to access internals of the
database server process or to gain OS-level access with the
permissions of the server process,
as a C function can do. Thus, any unprivileged database user can
be permitted to use this language.
</p><p>
Here is an example of a function that will not work because file
system operations are not allowed for security reasons:
</p><pre class="programlisting">
CREATE FUNCTION badfunc() RETURNS integer AS $$
my $tmpfile = "/tmp/badfile";
open my $fh, '>', $tmpfile
or elog(ERROR, qq{could not open the file "$tmpfile": $!});
print $fh "Testing writing to a file\n";
close $fh or elog(ERROR, qq{could not close the file "$tmpfile": $!});
return 1;
$$ LANGUAGE plperl;
</pre><p>
The creation of this function will fail as its use of a forbidden
operation will be caught by the validator.
</p><p>
Sometimes it is desirable to write Perl functions that are not
restricted. For example, one might want a Perl function that sends
mail. To handle these cases, PL/Perl can also be installed as an
<span class="quote">“<span class="quote">untrusted</span>”</span> language (usually called
<span class="application">PL/PerlU</span><a id="id-1.8.10.13.5.3" class="indexterm"></a>).
In this case the full Perl language is available. When installing the
language, the language name <code class="literal">plperlu</code> will select
the untrusted PL/Perl variant.
</p><p>
The writer of a <span class="application">PL/PerlU</span> function must take care that the function
cannot be used to do anything unwanted, since it will be able to do
anything that could be done by a user logged in as the database
administrator. Note that the database system allows only database
superusers to create functions in untrusted languages.
</p><p>
If the above function was created by a superuser using the language
<code class="literal">plperlu</code>, execution would succeed.
</p><p>
In the same way, anonymous code blocks written in Perl can use
restricted operations if the language is specified as
<code class="literal">plperlu</code> rather than <code class="literal">plperl</code>, but the caller
must be a superuser.
</p><div class="note"><h3 class="title">Note</h3><p>
While <span class="application">PL/Perl</span> functions run in a separate Perl
interpreter for each SQL role, all <span class="application">PL/PerlU</span> functions
executed in a given session run in a single Perl interpreter (which is
not any of the ones used for <span class="application">PL/Perl</span> functions).
This allows <span class="application">PL/PerlU</span> functions to share data freely,
but no communication can occur between <span class="application">PL/Perl</span> and
<span class="application">PL/PerlU</span> functions.
</p></div><div class="note"><h3 class="title">Note</h3><p>
Perl cannot support multiple interpreters within one process unless
it was built with the appropriate flags, namely either
<code class="literal">usemultiplicity</code> or <code class="literal">useithreads</code>.
(<code class="literal">usemultiplicity</code> is preferred unless you actually need
to use threads. For more details, see the
<span class="citerefentry"><span class="refentrytitle">perlembed</span></span> man page.)
If <span class="application">PL/Perl</span> is used with a copy of Perl that was not built
this way, then it is only possible to have one Perl interpreter per
session, and so any one session can only execute either
<span class="application">PL/PerlU</span> functions, or <span class="application">PL/Perl</span> functions
that are all called by the same SQL role.
</p></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="plperl-global.html" title="45.4. Global Values in PL/Perl">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="plperl.html" title="Chapter 45. PL/Perl — Perl Procedural Language">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="plperl-triggers.html" title="45.6. PL/Perl Triggers">Next</a></td></tr><tr><td width="40%" align="left" valign="top">45.4. Global Values in PL/Perl </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 16.2 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 45.6. PL/Perl Triggers</td></tr></table></div></body></html>
|
