Safe security (was: plperl _init settings)

From: Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>
Subject: Safe security (was: plperl _init settings)
Date: 2010-03-03 16:15:58
Message-ID: 20100303161558.GQ1375@timac.local
Lists: pgsql-hackers

On Tue, Mar 02, 2010 at 07:33:47PM -0500, Andrew Dunstan wrote:
>
> There appears to be some significant misunderstanding of what can be
> done effectively using the various *_init settings for plperl.
>
> In particular, some people have got an expectation that modules
> loaded in plperl.on_init will thereby be available for use in
> trusted plperl.
>
> I propose to add the following note to the docs:
>
> Preloading modules using plperl.on_init does not make them available
> for use by plperl. External perl modules can only be used in plperlu.
>
> Comments?

Sounds good.

FYI the maintainers of Safe are aware of (at least) two exploits which
are being considered at the moment.

You might want to soften the wording in
http://developer.postgresql.org/pgdocs/postgres/plperl-trusted.html
"There is no way to ..." is a stronger statement than can be justified.

The docs for Safe http://search.cpan.org/~rgarcia/Safe-2.23/Safe.pm#WARNING
say "The authors make no warranty, implied or otherwise, about the
suitability of this software for safety or security purposes".

Tim.
