PlRuby(Postgres) and require


#1

Hi,

in PlRuby I am defining functions and I would like to load
some library:

create function dummy() returns void language ‘plruby’ as $$
require “yaml”
$$;
select dummy();

This yields in an “ERROR: Insecure operation - require”. At
least the string "yaml"s tainted state is a reason for this.
Inside the library classes will be defined (i.e. constants
will be set) what is prohibited, too.

It is a very easy excercise to modify the PlRuby library so
that it loads “yaml” before $SAFE is set. But then the
system is no longer compatible to others. The question I
would like to ask therefore is more elaborate:

What other ways are there and which is the best way to
include a library?

Thanks in advance,

Bertram


#2

“B” == Bertram S. removed_email_address@domain.invalid writes:

B> This yields in an “ERROR: Insecure operation - require”. At

By default, plruby run with $SAFE = 12

B> What other ways are there and which is the best way to
B> include a library?

You have 2 possibilities

  • compile plruby with $SAFE = 0

    ruby extconf.rb --with-safe-level=0 …

  • look in the directories src/conversions to see what it do in some
    special cases.

Guy Decoux


#3

Hi Guy,

Am Dienstag, 09. Jan 2007, 23:58:18 +0900 schrieb ts:

“B” == Bertram S. removed_email_address@domain.invalid writes:

B> This yields in an “ERROR: Insecure operation - require”. At

By default, plruby run with $SAFE = 12

Of course, I do not want to change this. So, I will extend
the local package.

The class I wrote was a small checksum algorithm for ‘check’
constraints. Maybe I wil make it subject to an extension
proposal sometimes.

Thanks.

Bertram