Re: 7.4 changes - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: 7.4 changes
Date
Msg-id 41750CD8.6070300@dunslane.net
In response to Re: 7.4 changes  (Neil Conway <neilc@samurai.com>)
Responses Re: 7.4 changes
List pgsql-hackers

Neil Conway wrote:

>On Tue, 2004-10-19 at 02:45, Andrew Dunstan wrote:
>
>>*shrug* OK. Then plperl should probably not be regarded as being as
>>"trusted" as we would like. Note that old versions of Safe.pm have been
>>the subject of security advisories such as this one
>>http://www.securityfocus.com/bid/6111/info/ for some time.
>
>Perhaps a compromise would be to require the newer version of Safe.pm,
>but leave the other changes for 8.0. Upgrading Safe.pm can presumably be
>done without needing any changes to the rest of one's pl/perl code.

s/the rest of/any of/

Indeed it can.

The other thing I suggested was removing the :base_io set of ops - I 
would regard plperl functions that did things like printing to STDOUT as 
broken to start with.

But maybe we can just live with what we have and advertise that 8.0's 
plperl is more secure.

cheers

andrew
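
The effect of removing the :base_io opcode set discussed in this message, shown with Safe.pm directly. This is an added example, not part of the original post and not PL/Perl's own code: the function bodies are constructed samples, and `make_compartment` and `run_in` are hypothetical helper names. The compartment first permits :base_io explicitly so that the contrast is visible whatever the installed default mask is.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Constructed sample function bodies (not taken from the thread).
my %bodies = (
    arithmetic   => 'my $x = 6 * 7; $x',
    print_stdout => 'print STDOUT "hello from inside the compartment\n"; 1',
);

# Hypothetical helper: build a compartment, optionally denying :base_io.
sub make_compartment {
    my (%opt) = @_;
    my $cpt = Safe->new;
    $cpt->permit(':base_io');                 # mask that allows basic I/O ops
    $cpt->deny(':base_io') if $opt{deny_io};  # the restriction proposed above
    return $cpt;
}

# Hypothetical helper: evaluate code inside the compartment.
# Returns (1, value) on success or (0, error text) if it was rejected.
sub run_in {
    my ($cpt, $code) = @_;
    my $val = $cpt->reval($code);
    return $@ ? (0, $@) : (1, $val);
}

for my $deny_io (0, 1) {
    my $cpt = make_compartment(deny_io => $deny_io);
    printf "Safe %s, :base_io %s\n",
        $Safe::VERSION, $deny_io ? 'denied' : 'permitted';
    for my $name (sort keys %bodies) {
        my ($ok, $out) = run_in($cpt, $bodies{$name});
        $out =~ s/\s+\z// if defined $out;    # trim trailing newline from errors
        printf "  %-13s %s: %s\n",
            $name, $ok ? 'ok' : 'rejected', $out // 'undef';
    }
}
```

With :base_io denied, the body that prints to STDOUT is refused when it is compiled inside the compartment, while the purely computational body still runs.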
