From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, plperlng-devel(at)pgfoundry(dot)org |
Subject: | Re: plperl security |
Date: | 2004-07-05 20:58:08 |
Message-ID: | 40E9C0E0.4070003@dunslane.net |
Lists: | pgsql-hackers |
Tom Lane wrote:
>Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
>
>
>>Currently we have this in plperl.c:
>> "require Safe;"
>>I am thinking of submitting a patch to replace this with "use Safe
>>2.09;" to enforce use of a version without the known vulnerability.
>>
>>
>
>This would break both plperl and plperlu on older Perls. Please see
>if you can avoid breaking plperlu.
>
>For that matter, does plperl.c really cope properly with a failure in
>this code at all? I sure don't see anything that looks like error
>handling in plperl_init_interp().
>

I will look at it. It will probably require some non-trivial rework.
I do agree that we should not break more old stuff than is necessary.

cheers
andrew
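
The trade-off discussed in this thread, as an added illustration that is not part of the original message and not code from plperl.c: Safe is loaded at run time inside an `eval`, and only trusted function creation is gated on version 2.09, so an old or missing Safe does not take the untrusted path down with it. The helper names `check_safe`, `make_untrusted_func` and `make_trusted_func` are hypothetical stand-ins.

```perl
#!/usr/bin/perl
# Added illustration; hypothetical helpers, not taken from plperl.c.
use strict;
use warnings;

my $MIN_SAFE = 2.09;    # minimum Safe version named in the thread

# Returns (ok, reason). Never dies, so interpreter setup can continue
# even when Safe is missing or too old.
sub check_safe {
    my $ok = eval {
        require Safe;                # run-time load; a failure is trappable
        Safe->VERSION($MIN_SAFE);    # dies if the installed Safe is older
        1;
    };
    return (1, '') if $ok;
    my $err = $@ || 'unknown error';
    chomp $err;
    return (0, $err);
}

my ($safe_ok, $why) = check_safe();

# Untrusted path (plperlu-style): does not depend on Safe at all.
sub make_untrusted_func {
    my ($body) = @_;
    my $code = eval "sub { $body }";
    die "compile failed: $@" unless $code;
    return $code;
}

# Trusted path (plperl-style): refuse outright rather than fall back
# to an unrestricted eval when Safe is unusable.
sub make_trusted_func {
    my ($body) = @_;
    die "trusted functions disabled: $why\n" unless $safe_ok;
    my $cpt  = Safe->new;
    my $code = $cpt->reval("sub { $body }");
    die "compile failed: $@" unless $code;
    return $code;
}

print "untrusted: ", make_untrusted_func('return 1 + 1')->(), "\n";
my $r = eval { make_trusted_func('return 2 + 2')->() };
print defined $r ? "trusted: $r\n" : "trusted refused: $@";
```

By contrast, `use Safe 2.09;` is checked at compile time, so on an older Perl the whole script fails before either path can be set up.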