Re: plperl security - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: plperl security
Date
Msg-id 40E9C0E0.4070003@dunslane.net
In response to Re: plperl security  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: plperl security  (Andrew Dunstan <andrew@dunslane.net>)
List pgsql-hackers

Tom Lane wrote:

>Andrew Dunstan <andrew@dunslane.net> writes:
>
>>Currently we have this in plperl.c:
>>  "require Safe;"
>>I am thinking of submitting a patch to replace this with "use Safe
>>2.09;" to enforce use of a version without the known vulnerability.
>
>This would break both plperl and plperlu on older Perls.  Please see
>if you can avoid breaking plperlu.
>
>For that matter, does plperl.c really cope properly with a failure in
>this code at all?  I sure don't see anything that looks like error
>handling in plperl_init_interp().

I will look at it. It will probably require some non-trivial rework.

I do agree that we should not break more old stuff than is necessary.

cheers

andrew
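
The concern raised in this exchange, as an added example that is not taken from the message or from plperl.c: a run-time version check on Safe that fails only the trusted path, so the untrusted language keeps working on an older Perl. `check_safe` and `compile_body` are hypothetical names; only the 2.09 minimum comes from the thread.

```perl
use strict;
use warnings;

# Minimum Safe version named in the thread; everything else is illustrative.
my $MIN_SAFE_VERSION = '2.09';

# Load Safe at run time and check its version without dying, so a missing
# or old Safe is reported to the caller instead of aborting the interpreter.
sub check_safe {
    my ($min) = @_;
    return (0, "cannot load Safe: $@") unless eval { require Safe; 1 };
    # UNIVERSAL::VERSION dies when the installed version is lower than $min.
    return (0, "Safe is too old: $@") unless eval { Safe->VERSION($min); 1 };
    return (1, "Safe $Safe::VERSION");
}

# Hypothetical helper: compile a function body for the trusted or the
# untrusted language. Only the trusted path depends on Safe.
sub compile_body {
    my ($trusted, $body) = @_;
    my $src = "sub { $body }";
    if (!$trusted) {
        my $sub = eval $src;    # untrusted: plain eval, Safe is never loaded
        die "compile failed: $@" unless $sub;
        return $sub;
    }
    my ($ok, $why) = check_safe($MIN_SAFE_VERSION);
    die "trusted Perl unavailable: $why\n" unless $ok;
    my $cpt = Safe->new;        # compartment with Safe's default opmask
    my $sub = $cpt->reval($src);
    die "compile failed: $@" unless $sub;
    return $sub;
}

# Constructed sample input: the same body compiled on both paths.
my $body = 'my ($n) = @_; return $n + 1;';
for my $trusted (0, 1) {
    my $label = $trusted ? 'trusted' : 'untrusted';
    my $sub = eval { compile_body($trusted, $body) };
    if ($sub) {
        printf "%s: compiled, f(41) = %d\n", $label, $sub->(41);
    } else {
        (my $err = $@) =~ s/\s+\z//;
        printf "%s: refused (%s)\n", $label, $err;
    }
}
```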

