Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q6a2c-00074X-9A for pgsql-hackers@arkaria.postgresql.org; Tue, 06 Jun 2023 17:00:18 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1q6a2b-000435-6R for pgsql-hackers@arkaria.postgresql.org; Tue, 06 Jun 2023 17:00:17 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q6a2a-0003z4-Rj for pgsql-hackers@lists.postgresql.org; Tue, 06 Jun 2023 17:00:16 +0000 Received: from anastigmatix.net ([68.171.219.55]) by makus.postgresql.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1q6a2Y-000Yz3-EY for pgsql-hackers@lists.postgresql.org; Tue, 06 Jun 2023 17:00:15 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=anastigmatix.net; s=default; h=Content-Transfer-Encoding:Content-Type: Message-ID:References:In-Reply-To:Subject:Cc:To:From:Date:MIME-Version:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=yb2EMCIC7i80TxEXNF67WPyLmd6vMCFF5j6gx0iP9ag=; b=uyH+bOtQafonbH/LBr2M230kxd wpMd8GUARsD/kWjbyVIImQ9+PqVwHdsw59ModkU25vN5xNIjaU4Eu9SKXTSfW3hsk5rAO24Td/SmT Y1qWP/B+3UysxMRbZO716p5tM3eHTI5zwry04IbqBOud0DsU2drjbhwFKb2ZPCh53XHkGfixw/2aM leUtiFWAMZNZ/kZIbk4wbfxApa3wDgb9GBr1YPStPItQ7usfQPEkIBEF9CrNOVBvHVhECutlYhpoz Kp7DpaYrUz3sCKcBkG0kB9nk6PKjXwNv21ritQJNdr32e1A+VRHlHjLsBYOFeKgje2ItdzIhnUrHj QkPP/8FA==; Received: from [::1] (port=33840 helo=bay.acenet.us) by bay.acenet.us with esmtpa (Exim 4.96) (envelope-from ) id 1q6a2V-0010yj-2x; Tue, 06 Jun 2023 13:00:12 -0400 MIME-Version: 1.0 Date: Tue, 06 Jun 2023 13:00:11 -0400 From: chap@anastigmatix.net To: Heikki Linnakangas Cc: Konstantin Knizhnik , pgsql-hackers@lists.postgresql.org Subject: Re: Let's make PostgreSQL multi-threaded In-Reply-To: References: <31cc6df9-53fe-3cd9-af5b-ac0d801163f4@iki.fi> <4178104.1685978307@sss.pgh.pa.us> <4658520e-5cd0-6242-e54c-c3af0a85890a@garret.ru> <6c99fe026eea03fd8aac91aac7143301@anastigmatix.net> User-Agent: Roundcube Webmail/1.6.0 Message-ID: X-Sender: chap@anastigmatix.net Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - bay.acenet.us X-AntiAbuse: Original Domain - lists.postgresql.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - anastigmatix.net X-Get-Message-Sender-Via: bay.acenet.us: authenticated_id: chap@anastigmatix.net X-Authenticated-Sender: bay.acenet.us: chap@anastigmatix.net X-Source: X-Source-Args: X-Source-Dir: X-From-Rewrite: unmodified, already matched List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 2023-06-06 12:24, Heikki Linnakangas wrote: > I'm afraid having multiple processes and JVMs doesn't help that. > If you can escape the one JVM in one backend process, it's game over. So there's escape and there's escape, right? Java still prioritizes (and has, in fact, strengthened) barriers against breaking module encapsulation, or getting access to arbitrary native memory or code. The features that have been deprecated, to eventually go away, are the ones that offer fine-grained control over operations that there are Java APIs for. Eventually it won't be as easy as it is now to say "ok, your function gets to open these files or these sockets but not those ones." Even for those things, there may yet be solutions. There are Java APIs for virtualizing the view of the file system, for example. It's yet to be seen how things will shake out. Configuration may get trickier, and there may be some incentive to to include, say, sepgsql in the picture. Sure, even access to a file API can be game over, depending on what file you open, but that's already the risk for every PL with an 'untrusted' flavor. Regards, -Chap