On Mon, Mar 8, 2010 at 10:14, Tom Lane wrote:
> "David E. Wheeler" writes:
>> On Mar 8, 2010, at 8:03 AM, Tom Lane wrote:
>>> #3 is still an absolute nonstarter, especially for a patch that we'd
>>> wish to backpatch.
>
>> You're at least going to want to exclude Safe 2.20 - 2.23, IIUC.
>
> If th
Alex Hunsaker writes:
> That being said I would be in favor of at least saying "Hey! you're
> using a known broken version of Safe". Maybe something like the below
> at pl_perl init time? (That is instead of requiring >v2.25 just
> complain about older versions)
> elog(WARNING, "Safe versions bef
On Mon, Mar 8, 2010 at 09:03, Tom Lane wrote:
> Tim Bunce writes:
>> 3. requires Safe 2.25 (which has assorted fixes, including security).
> #3 is still an absolute nonstarter, especially for a patch that we'd
> wish to backpatch.
FWIW I think it's a given you probably always want the latest ver
2010/3/8 David E. Wheeler :
>> Particularly if the vendor chooses to back-patch
>> Safe security fixes without bumping the visible version number, as is
>> not unlikely for Red Hat in particular.
>
> This is why I hate packaging systems. Frankly, Red Hat's Perl has been
> consistently broken for c
On Mar 8, 2010, at 9:14 AM, Tom Lane wrote:
> If those aren't versions that are likely to be in wide use, no objection
> to that.
Yes, those are a series of releases in the last couple of months that had one
level of brokenness or another. I'm going to test 2.25 today.
> I'm just concerned about
On Mon, Mar 08, 2010 at 11:03:27AM -0500, Tom Lane wrote:
> Tim Bunce writes:
> > Here's a patch that:
> > 1. adds wording like that to the docs.
> > 2. randomises the container package name (a simple and sound security
> > measure).
> > 3. requires Safe 2.25 (which has assorted fixes, including
"David E. Wheeler" writes:
> On Mar 8, 2010, at 8:03 AM, Tom Lane wrote:
>> #3 is still an absolute nonstarter, especially for a patch that we'd
>> wish to backpatch.
> You're at least going to want to exclude Safe 2.20 - 2.23, IIUC.
If those aren't versions that are likely to be in wide use, no
On Mar 8, 2010, at 8:03 AM, Tom Lane wrote:
> #3 is still an absolute nonstarter, especially for a patch that we'd
> wish to backpatch.
You're at least going to want to exclude Safe 2.20 - 2.23, IIUC.
Best,
David
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make c
Tim Bunce writes:
> Here's a patch that:
> 1. adds wording like that to the docs.
> 2. randomises the container package name (a simple and sound security
> measure).
> 3. requires Safe 2.25 (which has assorted fixes, including security).
> 4. removed a harmless but spurious exclamation mark from
On Wed, Mar 03, 2010 at 07:01:56PM -0500, Andrew Dunstan wrote:
> Joshua D. Drake wrote:
> >On Wed, 2010-03-03 at 11:33 -0500, Andrew Dunstan wrote:
> >
> >>Well, we could put in similar weasel words I guess. But after
> >>all, Safe's very purpose is to provide a restricted execution
> >>environmen
Joshua D. Drake wrote:
On Wed, 2010-03-03 at 11:33 -0500, Andrew Dunstan wrote:
Well, we could put in similar weasel words I guess. But after all,
Safe's very purpose is to provide a restricted execution environment, no?
We already do, in our license.
True. I think
On Wed, 2010-03-03 at 11:33 -0500, Andrew Dunstan wrote:
> >
>
> Well, we could put in similar weasel words I guess. But after all,
> Safe's very purpose is to provide a restricted execution environment, no?
We already do, in our license.
Joshua D. Drake
>
> cheers
>
> andrew
>
--
P
Tim Bunce wrote:
FYI the maintainers of Safe are aware of (at least) two exploits which
are being considered at the moment.
You might want to soften the wording in
http://developer.postgresql.org/pgdocs/postgres/plperl-trusted.html
"There is no way to ..." is a stronger statement than can be j
On Tue, Mar 02, 2010 at 07:33:47PM -0500, Andrew Dunstan wrote:
>
> There appears to be some significant misunderstanding of what can be
> done effectively using the various *_init settings for plperl.
>
> In particular, some people have got an expectation that modules
> loaded in plperl.on_init
14 matches