Re: plperl security

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, plperlng-devel(at)pgfoundry(dot)org
Subject: Re: plperl security
Date: 2004-07-05 18:20:08
Message-ID: 2674.1089051608@sss.pgh.pa.us
Lists: pgsql-hackers

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Currently we have this in plperl.c:
> "require Safe;"
> I am thinking of submitting a patch to replace this with "use Safe
> 2.09;" to enforce use of a version without the known vulnerability.

This would break both plperl and plperlu on older Perls. Please see
if you can avoid breaking plperlu.

For that matter, does plperl.c really cope properly with a failure in
this code at all? I sure don't see anything that looks like error
handling in plperl_init_interp().

regards, tom lane
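
The point raised in this message, sketched in Perl as an added example (not part of the original email and not code from plperl.c): the Safe version check runs only on the trusted path, and a failure is trapped and reported instead of ignored. `check_safe_for_trusted` and `compile_function` are hypothetical names, and the function bodies passed in are constructed inputs.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Minimum Safe version named in the thread above.
my $MIN_SAFE_VERSION = '2.09';

# Hypothetical helper: load Safe and enforce the minimum version only when a
# trusted (plperl) function is being set up. Returns (ok, error_message).
sub check_safe_for_trusted {
    my ($min) = @_;
    my $ok = eval {
        require Safe;            # runtime load, so a failure is trappable
        Safe->VERSION($min);     # dies if the installed Safe is older than $min
        1;
    };
    return (1, '') if $ok;
    my $err = $@ || 'unknown error';
    $err =~ s/\s+\z//;
    return (0, "trusted Perl unavailable: $err");
}

# Hypothetical dispatcher standing in for the interpreter's function setup.
sub compile_function {
    my ($trusted, $body) = @_;
    if (!$trusted) {
        # Untrusted path (plperlu): never touches Safe, so an old or missing
        # Safe module cannot break it.
        my $code = eval "sub { $body }";
        die "compile failed: $@" unless $code;
        return $code;
    }
    my ($ok, $err) = check_safe_for_trusted($MIN_SAFE_VERSION);
    die "$err\n" unless $ok;     # report the failure instead of ignoring it
    my $cpt  = Safe->new;
    my $code = $cpt->reval("sub { $body }");
    die "compile failed in Safe: $@" unless $code;
    return $code;
}

# Constructed inputs: the untrusted path runs regardless of the Safe version;
# the trusted path either runs inside Safe or is refused with a message.
print "plperlu: ", compile_function(0, 'return 1 + 1')->(), "\n";
my $r = eval { compile_function(1, 'return 2 + 2')->() };
print defined $r ? "plperl: $r\n" : "plperl refused: $@";
```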
