Don't do that: Changing the working directory in a plpython function

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Don't do that: Changing the working directory in a plpython function

Wolfgang Walther
Hi,

this is on PG 12.5:

create extension plpython3u;
create function cwd() returns void
language plpython3u as $$
   import os
   os.chdir('/tmp')
$$;
select cwd();
create table t();

ERROR: could not open file "base/13457/2663": No such file or directory
LINE 1: create table t();

The server is now unusable, almost everything will throw.

Somebody did something similar on a server with a bit more stuff going
on and this gave:

PANIC: could not create file "pg_wal/xlogtemp.xxxxx": No such file or
directory

And then the whole PG server restarted.

It's not really that surprising - after the fact. Before, I wouldn't
have guessed that this has such an impact.

As a side-note: plperlu is obviously the same, but plperl blocks chdir.

I am not sure whether this is considered a bug or just in the category
"don't do that, stupid..."?

As a naive (super)user I wonder: Why can't PG just remember where the
data folder was when it started? It's not like I'm going to ever move
this folder while the server is running...

Best

Wolfgang


Reply | Threaded
Open this post in threaded view
|

Re: Don't do that: Changing the working directory in a plpython function

Magnus Hagander-2
On Fri, Nov 20, 2020 at 4:11 PM Wolfgang Walther
<[hidden email]> wrote:

>
> Hi,
>
> this is on PG 12.5:
>
> create extension plpython3u;
> create function cwd() returns void
> language plpython3u as $$
>    import os
>    os.chdir('/tmp')
> $$;
> select cwd();
> create table t();
>
> ERROR: could not open file "base/13457/2663": No such file or directory
> LINE 1: create table t();
>
> The server is now unusable, almost everything will throw.
>
> Somebody did something similar on a server with a bit more stuff going
> on and this gave:
>
> PANIC: could not create file "pg_wal/xlogtemp.xxxxx": No such file or
> directory
>
> And then the whole PG server restarted.
>
> It's not really that surprising - after the fact. Before, I wouldn't
> have guessed that this has such an impact.
>
> As a side-note: plperlu is obviously the same, but plperl blocks chdir.
>
> I am not sure whether this is considered a bug or just in the category
> "don't do that, stupid..."?


This is one of many things you can break when using an untrusted
procedural language. It's basically what the "untrusted" part means -
the lack of a sandbox preventing you from doing exactly this type of
thing (there's of course an almost infinite number of different ways
you can cause breakage when you get to run code without a sandbox,
this just happens to be a very simple one).

--
 Magnus Hagander
 Me: https://www.hagander.net/
 Work: https://www.redpill-linpro.com/