On Wed, Jul 20, 2022 at 07:31:47PM -0700, Gurjeet Singh wrote:
> Moving the report from security to -hackers on Noah's advice. Since
> the function(s) involved in the crash are not present in any of the
> released versions, it is not considered a security issue.
>
> I can confirm that this is reproducible on the latest commit on
> master, 3c0bcdbc66. Below is the original analysis, followed by Noah's
> analysis.
>
> To be able to reproduce it, please note that perl support is required;
> hence `./configure --with-perl`.
>
> The note about 'security concerns around on_plperl_init parameter',
> below, refers to now-fixed issue, at commit 13d8388151.

This ACL lookup still happens when pre-loading libraries at session
startup with custom GUCs, as this checks if the GUC can be changed by
the user connecting or not. I am adding an open item to track that.
--
Michael