[COMMITTERS] pgsql: Add note that using PL/Python 2 and 3 in the same session will
in [PgSql]
|
Prev: [HACKERS] Does mbutils.c really need to use L'\0' ?
Next: [COMMITTERS] pgsql: Add note that using PL/Python 2and 3 in the same session will
From: Tom Lane on 6 Jul 2010 17:49 petere(a)postgresql.org (Peter Eisentraut) writes: > Log Message: > ----------- > Add note that using PL/Python 2 and 3 in the same session will probably crash Crash? I can see people regarding that as a security problem. Maybe we need to do something more pro-active to prevent such conflicts? regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Tom Lane on 6 Jul 2010 18:15 Peter Eisentraut <peter_e(a)gmx.net> writes: > On tis, 2010-07-06 at 17:49 -0400, Tom Lane wrote: >> Crash? I can see people regarding that as a security problem. Maybe we >> need to do something more pro-active to prevent such conflicts? > I don't see how. Loading any module that uses the same symbols as > another already loaded modules can cause the same problem. The scenario that worries me is that as soon as somebody has created both plpython2 and plpython3 functions in the same database, he's at risk of crashes or maybe worse, even if the functions weren't intended to be used together. I don't believe that the problem exists, or at least is of anywhere near the same scope, for ordinary loadable modules. As was noted earlier, ordinary modules don't have references to each other, which is why RTLD_LOCAL would be a good choice if it weren't for Python. (I assume that a sane linker will resolve a module's references to itself if possible, even if there are conflicts elsewhere.) The reason why Python has got an issue here is that it has such heavy dependence on add-on loadable modules, which have references to the core python.so library. So with two python.so versions loaded, you don't know which one an add-on module's symbol references will be resolved to. (I wonder if that would be fixable with some better use of symbol versioning? But that's something for the Python maintainers not us.) At this point it seems clear to me that we've not adequately thought through the implications of having two python versions in one application namespace, and I'm not sure the Python people have either. I think we need to do something to block that from happening, at least until we have a plausible way to make it work. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
From: Tom Lane on 7 Jul 2010 17:31
Peter Eisentraut <peter_e(a)gmx.net> writes: > On tis, 2010-07-06 at 18:15 -0400, Tom Lane wrote: >> At this point it seems clear to me that we've not adequately thought >> through the implications of having two python versions in one >> application namespace, and I'm not sure the Python people have either. >> I think we need to do something to block that from happening, at least >> until we have a plausible way to make it work. > How about this? Yeah, I was going to suggest something involving find_rendezvous_variable to let the two versions of plpython check for each other. But doesn't the error need to be elog(FATAL)? If you just elog(ERROR) then the conflicting version of python.so is already loaded and able to cause problems. elog(FATAL) isn't very desirable maybe but it beats crashing. Minor grammatical nit: I think "session has previously used" would read better in the errdetail. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers |