Hello,
I know there is a patch coming Monday with a great deal of bug fixes.
J
On Fri, 9 Jul 2004, Tom Lane wrote:
> Andrew Dunstan <[EMAIL PROTECTED]> writes:
> > OK, I have a setup that instead of refusing to load trusted functions if
> > the Safe version is not up to date, forces them to e
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> OK, I have a setup that instead of refusing to load trusted functions if
> the Safe version is not up to date, forces them to error out by calling
> elog(ERROR...), thus:
> andrew=# select tval();
> ERROR: trusted perl functions disabled - please upg
Tom Lane wrote:
Recovering when you get an error is probably the trickiest part of this.
OK, I have a setup that instead of refusing to load trusted functions if
the Safe version is not up to date, forces them to error out by calling
elog(ERROR...), thus:
andrew=# select tval();
ERROR: trus
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
Tom Lane wrote:
That would work. You'd need two state flags instead of just one, but
that doesn't seem bad.
'splain please :-)
Maybe you weren't thinking of the same thing, but what I was imagining
was one state fla
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> Tom Lane wrote:
>> That would work. You'd need two state flags instead of just one, but
>> that doesn't seem bad.
> 'splain please :-)
Maybe you weren't thinking of the same thing, but what I was imagining
was one state flag to remember that you'd cre
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
The thing is that unlike TCL we have one interpreter for both trusted
and untrusted cases.
My thinking is to factor out all the code that only applies to trusted
cases from the interpreter init code, and only call it if we try
Andrew Dunstan wrote:
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
Currently we have this in plperl.c:
"require Safe;"
I am thinking of submitting a patch to replace this with "use Safe
2.09;" to enforce use of a version without the known vulnerability.
This would break bot
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> The thing is that unlike TCL we have one interpreter for both trusted
> and untrusted cases.
> My thinking is to factor out all the code that only applies to trusted
> cases from the interpreter init code, and only call it if we try to
> compile a tr
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
Currently we have this in plperl.c:
"require Safe;"
I am thinking of submitting a patch to replace this with "use Safe
2.09;" to enforce use of a version without the known vulnerability.
This would break both plperl and plperlu o
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> Currently we have this in plperl.c:
> "require Safe;"
> I am thinking of submitting a patch to replace this with "use Safe
> 2.09;" to enforce use of a version without the known vulnerability.
This would break both plperl and plperlu on older Perls.
There is a known security issue with the perl Safe module versions up to
and including 2.07 (and 2.08 had a life of 1 day before 2.09 was
released). see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
Currently we have this in plperl.c:
"require Safe;"
I am thinking of submitting a
11 matches
Mail list logo