plperl security

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Cc: plperlng-devel(at)pgfoundry(dot)org
Subject: plperl security
Date: 2004-07-05 17:49:49
Message-ID: 40E994BD.1090504@dunslane.net
Lists: pgsql-hackers


There is a known security issue with the Perl Safe module versions up to
and including 2.07 (and 2.08 had a life of 1 day before 2.09 was
released). See

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323

Currently we have this in plperl.c:
"require Safe;"

I am thinking of submitting a patch to replace this with "use Safe
2.09;" to enforce use of a version without the known vulnerability.

Any objections?

cheers

andrew
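
The version gate proposed in the message, as an added example that is not part of the original post or of plperl.c: `use Safe 2.09;` is the compile-time form of `require Safe; Safe->VERSION(2.09);`, and the script below shows both the accepting and the rejecting path. The helper `load_min_version` and the variable `$MIN_SAFE` are hypothetical names introduced for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Minimum version taken from the message above: Safe 2.09.
my $MIN_SAFE = '2.09';

# Hypothetical helper: load a module and enforce a minimum version at run time.
# "use Module VERSION;" does the same thing at compile time:
#   BEGIN { require Module; Module->VERSION(VERSION); Module->import }
sub load_min_version {
    my ($module, $min) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    my $ok = eval {
        require $file;            # plain require: accepts any installed version
        $module->VERSION($min);   # dies if the installed version is below $min
        1;
    };
    return $ok ? (1, $module->VERSION) : (0, $@);
}

# Accepting path: only build a compartment once the gate has passed.
my ($ok, $detail) = load_min_version('Safe', $MIN_SAFE);
die "refusing to create a compartment: $detail" unless $ok;
print "Safe $detail loaded (>= $MIN_SAFE)\n";

# Rejecting path: an impossible requirement (constructed value) shows the
# error an installation with a too-old Safe would produce.
my ($ok2, $err) = load_min_version('Safe', '999');
print "version gate rejects: $err" unless $ok2;

# Sanity check that the gated module is usable.
my $cpt    = Safe->new;
my $result = $cpt->reval('2 + 3');
print "reval result: $result\n";
```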
