
pgsql: Abandon the use of Perl's Safe.pm to enforce restrictions in

From: adunstan(at)postgresql(dot)org (Andrew Dunstan)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Abandon the use of Perl's Safe.pm to enforce restrictions in
Date: 2010-05-13 16:39:43
Message-ID: 20100513163943.C76BF7541D2@cvs.postgresql.org
Lists: pgsql-committers
Log Message:
-----------
Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is
fundamentally insecure. Instead apply an opmask to the whole interpreter that
imposes restrictions on unsafe operations. These restrictions are much harder
to subvert than is Safe.pm, since there is no container to be broken out of.
Backported to release 7.4.

In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of
the two interpreters model for plperl and plperlu adopted in release 8.2.

In versions 8.0 and up, the use of Perl's POSIX module to undo its locale
mangling on Windows has become insecure with these changes, so it is 
replaced by our own routine, which is also faster.

Nice side effects of the changes include that it is now possible to use perl's
"strict" pragma in a natural way in plperl, and that perl's $a and
$b variables now work as expected in sort routines, and that function
compilation is significantly faster.

Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and
Alexey Klyukin.

Security: CVE-2010-1169

Modified Files:
--------------
    pgsql/doc/src/sgml:
        plperl.sgml (r2.83 -> r2.84)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/plperl.sgml?r1=2.83&r2=2.84)
    pgsql/src/pl/plperl:
        GNUmakefile (r1.43 -> r1.44)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/GNUmakefile?r1=1.43&r2=1.44)
        plc_perlboot.pl (r1.5 -> r1.6)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/plc_perlboot.pl?r1=1.5&r2=1.6)
        plperl.c (r1.174 -> r1.175)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/plperl.c?r1=1.174&r2=1.175)
    pgsql/src/pl/plperl/expected:
        plperl.out (r1.20 -> r1.21)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/expected/plperl.out?r1=1.20&r2=1.21)
        plperl_init.out (r1.3 -> r1.4)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/expected/plperl_init.out?r1=1.3&r2=1.4)
        plperl_plperlu.out (r1.3 -> r1.4)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/expected/plperl_plperlu.out?r1=1.3&r2=1.4)
    pgsql/src/pl/plperl/sql:
        plperl.sql (r1.18 -> r1.19)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/sql/plperl.sql?r1=1.18&r2=1.19)
        plperl_init.sql (r1.1 -> r1.2)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/sql/plperl_init.sql?r1=1.1&r2=1.2)
        plperl_plperlu.sql (r1.4 -> r1.5)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/sql/plperl_plperlu.sql?r1=1.4&r2=1.5)

Added Files:
-----------
    pgsql/src/pl/plperl:
        plc_trusted.pl (r1.1)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/plc_trusted.pl?rev=1.1&content-type=text/x-cvsweb-markup)
        plperl_opmask.pl (r1.1)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/plperl_opmask.pl?rev=1.1&content-type=text/x-cvsweb-markup)

Removed Files:
-------------
    pgsql/src/pl/plperl:
        plc_safe_bad.pl
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/plc_safe_bad.pl)
        plc_safe_ok.pl
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/plperl/plc_safe_ok.pl)
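
The interpreter-wide opmask described in the log message can be illustrated with Perl's core Opcode module. This is an added example, not code from this commit or from plperl: the deny-list, the sample snippets and the try_compile helper are constructed for the demonstration, and the op set plperl really masks lives in plperl_opmask.pl.

```perl
#!/usr/bin/perl
# Added illustration (not PostgreSQL's plperl code): mask opcodes for the
# whole interpreter with the core Opcode module, then compile snippets.
use strict;
use warnings;
use Opcode qw(opset opmask_add);

# Constructed deny-list for this demo only; the op set plperl actually
# masks is defined in plperl_opmask.pl and is not reproduced here.
my @denied = qw(system exec backtick fork open unlink require dofile);

# Compile (never run) a snippet and report whether the compiler accepted it.
sub try_compile {
    my ($src) = @_;
    my $ok = eval "sub { $src }; 1";
    return $ok ? "compiled" : "rejected: " . (split /\n/, $@)[0];
}

# Constructed sample inputs; each is wrapped in a sub and only compiled.
my @snippets = (
    'my @s = sort { $a <=> $b } (3, 1, 2); "@s"',   # harmless, uses $a/$b
    'system("true")',                               # process execution
    'open(my $fh, "<", "/tmp/example.txt")',        # file access
    'require POSIX',                                # module loading
);

print "before masking:\n";
printf "  %-45s %s\n", $_, try_compile($_) for @snippets;

# opmask_add() only ever adds to the interpreter-wide mask; Opcode has no
# call to unmask ops again, so there is no compartment to step out of.
opmask_add(opset(@denied));

print "after masking:\n";
printf "  %-45s %s\n", $_, try_compile($_) for @snippets;
```

Masked ops are refused when code is compiled, so after opmask_add() the last three snippets fail with a "trapped by operation mask" error while the sort snippet still compiles. Code compiled before the mask was applied keeps working, which is why the script's own eval and printf calls are unaffected.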
