From 1f474d299d02c398fa627d09d23a7a6a1079a310 Mon Sep 17 00:00:00 2001 From: Andrew Dunstan Date: Thu, 13 May 2010 16:39:43 +0000 Subject: Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is fundamentally insecure. Instead apply an opmask to the whole interpreter that imposes restrictions on unsafe operations. These restrictions are much harder to subvert than is Safe.pm, since there is no container to be broken out of. Backported to release 7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of the two interpreters model for plperl and plperlu adopted in release 8.2. In versions 8.0 and up, the use of Perl's POSIX module to undo its locale mangling on Windows has become insecure with these changes, so it is replaced by our own routine, which is also faster. Nice side effects of the changes include that it is now possible to use perl's "strict" pragma in a natural way in plperl, and that perl's $a and $b variables now work as expected in sort routines, and that function compilation is significantly faster. Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and Alexey Klyukin. Security: CVE-2010-1169 --- src/pl/plperl/sql/plperl_init.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/pl/plperl/sql/plperl_init.sql') diff --git a/src/pl/plperl/sql/plperl_init.sql b/src/pl/plperl/sql/plperl_init.sql index 69b12e9d25f..f6a32b9bae4 100644 --- a/src/pl/plperl/sql/plperl_init.sql +++ b/src/pl/plperl/sql/plperl_init.sql @@ -3,7 +3,7 @@ -- Avoid need for custom_variable_classes = 'plperl' LOAD 'plperl'; -SET SESSION plperl.on_plperl_init = ' eval "1+1" '; +SET SESSION plperl.on_plperl_init = ' system("/nonesuch") '; SHOW plperl.on_plperl_init; -- cgit v1.2.3