On Wed, Feb 3, 2010 at 2:38 PM, Tim Bunce <tim.bu...@pobox.com> wrote:
>> What I was actually wondering about, however, is the extent to which
>> the semantics of Perl code could be changed from an on_init hook ---
>> is there any equivalent of changing search_path or otherwise creating
>> trojan-horse code that might be executed unexpectedly?
>
> This seems like a reasonable 'vector of first choice':
>
>     SET plperl.on_plperl_init = '$SIG{__WARN__} = sub { ... }';
>
> and then do something to trigger a warning from some existing plperl
> function. So I think the answer is yes.

Perl is actually full of places where you can do things like this, like exporting things into CORE::GLOBAL, or just polluting the package namespace in which the code will run. Not sure if any of this is prevented by Safe.

...Robert

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
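
As an added illustration (constructed here, not code from this thread or from PL/Perl), the plain-Perl script below shows the two mechanisms mentioned above, a `$SIG{__WARN__}` handler and a `CORE::GLOBAL` override installed by init code, running inside a function compiled later, next to the same function written so that neither reaches it. The `$on_init` string, both function bodies and `@seen` are hypothetical stand-ins, and the script says nothing about what Safe does or does not block.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our @seen;    # what the init-time hooks observed (constructed, benign)

# Stand-in for a string placed in plperl.on_plperl_init (assumption: it is
# eval'd once in the interpreter before any function body is compiled).
my $on_init = q{
    $SIG{__WARN__} = sub { push @main::seen, "warn hook: $_[0]" };
    *CORE::GLOBAL::time = sub { push @main::seen, "time() replaced\n"; 0 };
};
eval $on_init;
die $@ if $@;

# Stand-in for an existing function compiled afterwards (hypothetical body).
# It calls time() and concatenates an undefined value, which warns.
my $existing = eval q{
    sub { my ($x) = @_; my $t = time(); return "t=$t x=" . $x }
};
die $@ if $@;

# Same body, written so that neither init-time hook is consulted.
my $hardened = eval q{
    sub {
        local $SIG{__WARN__};     # drop any inherited handler in this scope
        my ($x) = @_;
        my $t = CORE::time();     # CORE:: prefix bypasses CORE::GLOBAL
        return "t=$t x=" . $x;    # still warns, via perl's default path
    }
};
die $@ if $@;

# Call a function with an undefined argument and report which hooks ran.
sub report {
    my ($name, $fn) = @_;
    @seen = ();
    $fn->(undef);
    print "$name: ", scalar(@seen), " hook call(s)\n";
    for my $msg (@seen) { chomp(my $m = $msg); print "  $m\n" }
}

report('existing', $existing);
report('hardened', $hardened);
```

The hardened variant still emits its warning, but through perl's default handler on STDERR rather than through code installed by the init string.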