| Server IP : 103.119.228.120 / Your IP : 18.191.200.114 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/doc/postgresql-9.2.24/html/ |
Upload File : |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Trusted and Untrusted PL/Perl</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 9.2.24 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="PL/Perl - Perl Procedural Language"
HREF="plperl.html"><LINK
REL="PREVIOUS"
TITLE="Global Values in PL/Perl"
HREF="plperl-global.html"><LINK
REL="NEXT"
TITLE="PL/Perl Triggers"
HREF="plperl-triggers.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2017-11-06T22:43:11"></HEAD
><BODY
CLASS="SECT1"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
><A
HREF="index.html"
>PostgreSQL 9.2.24 Documentation</A
></TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
TITLE="Global Values in PL/Perl"
HREF="plperl-global.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="plperl.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
>Chapter 41. PL/Perl - Perl Procedural Language</TD
><TD
WIDTH="20%"
ALIGN="right"
VALIGN="top"
><A
TITLE="PL/Perl Triggers"
HREF="plperl-triggers.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="PLPERL-TRUSTED"
>41.5. Trusted and Untrusted PL/Perl</A
></H1
><P
> Normally, PL/Perl is installed as a <SPAN
CLASS="QUOTE"
>"trusted"</SPAN
> programming
language named <TT
CLASS="LITERAL"
>plperl</TT
>. In this setup, certain Perl
operations are disabled to preserve security. In general, the
operations that are restricted are those that interact with the
environment. This includes file handle operations,
<TT
CLASS="LITERAL"
>require</TT
>, and <TT
CLASS="LITERAL"
>use</TT
> (for
external modules). There is no way to access internals of the
database server process or to gain OS-level access with the
permissions of the server process,
as a C function can do. Thus, any unprivileged database user can
be permitted to use this language.
</P
><P
> Here is an example of a function that will not work because file
system operations are not allowed for security reasons:
</P><PRE
CLASS="PROGRAMLISTING"
>CREATE FUNCTION badfunc() RETURNS integer AS $$
my $tmpfile = "/tmp/badfile";
open my $fh, '>', $tmpfile
or elog(ERROR, qq{could not open the file "$tmpfile": $!});
print $fh "Testing writing to a file\n";
close $fh or elog(ERROR, qq{could not close the file "$tmpfile": $!});
return 1;
$$ LANGUAGE plperl;</PRE
><P>
The creation of this function will fail as its use of a forbidden
operation will be caught by the validator.
</P
><P
> Sometimes it is desirable to write Perl functions that are not
restricted. For example, one might want a Perl function that sends
mail. To handle these cases, PL/Perl can also be installed as an
<SPAN
CLASS="QUOTE"
>"untrusted"</SPAN
> language (usually called
<SPAN
CLASS="APPLICATION"
>PL/PerlU</SPAN
>).
In this case the full Perl language is available. When installing the
language, the language name <TT
CLASS="LITERAL"
>plperlu</TT
> will select
the untrusted PL/Perl variant.
</P
><P
> The writer of a <SPAN
CLASS="APPLICATION"
>PL/PerlU</SPAN
> function must take care that the function
cannot be used to do anything unwanted, since it will be able to do
anything that could be done by a user logged in as the database
administrator. Note that the database system allows only database
superusers to create functions in untrusted languages.
</P
><P
> If the above function was created by a superuser using the language
<TT
CLASS="LITERAL"
>plperlu</TT
>, execution would succeed.
</P
><P
> In the same way, anonymous code blocks written in Perl can use
restricted operations if the language is specified as
<TT
CLASS="LITERAL"
>plperlu</TT
> rather than <TT
CLASS="LITERAL"
>plperl</TT
>, but the caller
must be a superuser.
</P
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
> While <SPAN
CLASS="APPLICATION"
>PL/Perl</SPAN
> functions run in a separate Perl
interpreter for each SQL role, all <SPAN
CLASS="APPLICATION"
>PL/PerlU</SPAN
> functions
executed in a given session run in a single Perl interpreter (which is
not any of the ones used for <SPAN
CLASS="APPLICATION"
>PL/Perl</SPAN
> functions).
This allows <SPAN
CLASS="APPLICATION"
>PL/PerlU</SPAN
> functions to share data freely,
but no communication can occur between <SPAN
CLASS="APPLICATION"
>PL/Perl</SPAN
> and
<SPAN
CLASS="APPLICATION"
>PL/PerlU</SPAN
> functions.
</P
></BLOCKQUOTE
></DIV
><DIV
CLASS="NOTE"
><BLOCKQUOTE
CLASS="NOTE"
><P
><B
>Note: </B
> Perl cannot support multiple interpreters within one process unless
it was built with the appropriate flags, namely either
<TT
CLASS="LITERAL"
>usemultiplicity</TT
> or <TT
CLASS="LITERAL"
>useithreads</TT
>.
(<TT
CLASS="LITERAL"
>usemultiplicity</TT
> is preferred unless you actually need
to use threads. For more details, see the
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>perlembed</SPAN
></SPAN
> man page.)
If <SPAN
CLASS="APPLICATION"
>PL/Perl</SPAN
> is used with a copy of Perl that was not built
this way, then it is only possible to have one Perl interpreter per
session, and so any one session can only execute either
<SPAN
CLASS="APPLICATION"
>PL/PerlU</SPAN
> functions, or <SPAN
CLASS="APPLICATION"
>PL/Perl</SPAN
> functions
that are all called by the same SQL role.
</P
></BLOCKQUOTE
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="plperl-global.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="plperl-triggers.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Global Values in PL/Perl</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="plperl.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>PL/Perl Triggers</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>