Quick Links

Re: plperl security

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, plperlng-devel(at)pgfoundry(dot)org
Subject:	Re: plperl security
Date:	2004-07-05 18:20:08
Message-ID:	2674.1089051608@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Currently we have this in plperl.c:
> "require Safe;"
> I am thinking of submitting a patch to replace this with "use Safe
> 2.09;" to enforce use of a version without the known vulnerability.

This would break both plperl and plperlu on older Perls. Please see
if you can avoid breaking plperlu.

For that matter, does plperl.c really cope properly with a failure in
this code at all? I sure don't see anything that looks like error
handling in plperl_init_interp().

regards, tom lane

In response to

plperl security at 2004-07-05 17:49:49 from Andrew Dunstan

Responses

Re: plperl security at 2004-07-05 20:58:08 from Andrew Dunstan

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Michael Meskes	2004-07-05 18:55:09	Re: [CHECKER] 4 memory leaks in Postgresql 7.4.2
Previous Message	Andrew Dunstan	2004-07-05 18:12:50	Re: [Plperlng-devel] plperl security