Re: [HACKERS] 7.4 changes
On Tue, Oct 19, 2004 at 08:47:20AM -0400, Andrew Dunstan wrote: > But maybe we can just live with what we have and advertise that 8.0's > plperl is more secure. The release notes should point out that 7.4's plperl is unsecure unless the correct version of Safe.pm is installed. Maybe it works to make it croak if an unsafe version of Safe.pm is found? I'm not sure about "living with" known security vulnerabilities. What about ISPs which give Pg hosting with plperl installed? They surely will want to know about this. -- Alvaro Herrera () One man's impedance mismatch is another man's layer of abstraction. (Lincoln Yeoh) ---(end of broadcast)--- TIP 4: Don't 'kill -9' the postmaster
Re: [HACKERS] 7.4 changes
Neil Conway wrote: On Tue, 2004-10-19 at 02:45, Andrew Dunstan wrote: *shrug* OK. Then plperl should probably not be regarded as being as "trusted" as we would like. Note that old versions of Safe.pm have been the subject of security advisories such as this one http://www.securityfocus.com/bid/6111/info/ for some time. Perhaps a compromise would be to require the newer version of Safe.pm, but leave the other changes for 8.0. Upgrading Safe.pm can presumably be done without needing any changes to the rest of one's pl/perl code. s/the rest of/any of/ Indeed it can. The other thing I suggested was removing the :base_io set of ops - I would regard plperl functions that did things like printing to STDOUT as broken to start with. But maybe we can just live with what we have and advertise that 8.0's plperl is more secure. cheers andrew ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [HACKERS] 7.4 changes
On Tue, 2004-10-19 at 02:45, Andrew Dunstan wrote: > *shrug* OK. Then plperl should probably not be regarded as being as > "trusted" as we would like. Note that old versions of Safe.pm have been > the subject of security advisories such as this one > http://www.securityfocus.com/bid/6111/info/ for some time. Perhaps a compromise would be to require the newer version of Safe.pm, but leave the other changes for 8.0. Upgrading Safe.pm can presumably be done without needing any changes to the rest of one's pl/perl code. -Neil ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [HACKERS] 7.4 changes
Tom Lane wrote: Andrew Dunstan <[EMAIL PROTECTED]> writes: Do we want to backport tighter security for plperl? In particular, insisting on Safe.pm >= 2.09 and removing the :base_io set of ops? I'd vote not: 7.4.5 => 7.4.6 is not an update that people would expect to break their plperl code ... *shrug* OK. Then plperl should probably not be regarded as being as "trusted" as we would like. Note that old versions of Safe.pm have been the subject of security advisories such as this one http://www.securityfocus.com/bid/6111/info/ for some time. cheers andrew ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [HACKERS] 7.4 changes
Andrew Dunstan <[EMAIL PROTECTED]> writes: > Do we want to backport tighter security for plperl? In particular, > insisting on Safe.pm >= 2.09 and removing the :base_io set of ops? I'd vote not: 7.4.5 => 7.4.6 is not an update that people would expect to break their plperl code ... regards, tom lane ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [HACKERS] 7.4 changes
Andrew Dunstan wrote: Tom Lane wrote: If anyone has any pending 7.4 fixes, getting them in in the next few days would be a Good Plan. Do we want to backport tighter security for plperl? In particular, insisting on Safe.pm >= 2.09 and removing the :base_io set of ops? And it would also be nice if we could add contrib/cube/expected/cube_1.out to the 7.4 branch, I think, so that more platforms could pass the contrib installcheck tests. cheers andrew ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
Re: [HACKERS] 7.4 changes
Tom Lane wrote: If anyone has any pending 7.4 fixes, getting them in in the next few days would be a Good Plan. Do we want to backport tighter security for plperl? In particular, insisting on Safe.pm >= 2.09 and removing the :base_io set of ops? cheers andrew ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html