Ron Johnson <[EMAIL PROTECTED]> writes: > On Thu, 2003-06-26 at 11:59, Tom Lane wrote:
> > Now that the rexec code is gone, it MUST be marked untrusted --- this is > > not a question for debate. Installing it as trusted would be a security > > hole. > > In what version is rexec removed? v2.3? If so, then there are > many people with Python 2.2 and even 2.1 who could still use > trusted PlPython. No--rexec was removed in 2.3 because it was found to be unfixably insecure, not because 2.3 broke anything. Earlier versions are just as insecure. -Doug ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
