aboutsummaryrefslogtreecommitdiff
path: root/doc/src
diff options
context:
space:
mode:
authorAndrew Dunstan <andrew@dunslane.net>2010-05-13 16:39:43 +0000
committerAndrew Dunstan <andrew@dunslane.net>2010-05-13 16:39:43 +0000
commit1f474d299d02c398fa627d09d23a7a6a1079a310 (patch)
treee3d766f61cc8d5c580be28b4e1a3020e5cab46e2 /doc/src
parent2b61b3e5074d7f55df82c199b87671334741b4e1 (diff)
downloadpostgresql-1f474d299d02c398fa627d09d23a7a6a1079a310.tar.gz
postgresql-1f474d299d02c398fa627d09d23a7a6a1079a310.zip
Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is
fundamentally insecure. Instead apply an opmask to the whole interpreter that imposes restrictions on unsafe operations. These restrictions are much harder to subvert than is Safe.pm, since there is no container to be broken out of. Backported to release 7.4. In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of the two interpreters model for plperl and plperlu adopted in release 8.2. In versions 8.0 and up, the use of Perl's POSIX module to undo its locale mangling on Windows has become insecure with these changes, so it is replaced by our own routine, which is also faster. Nice side effects of the changes include that it is now possible to use perl's "strict" pragma in a natural way in plperl, and that perl's $a and $b variables now work as expected in sort routines, and that function compilation is significantly faster. Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and Alexey Klyukin. Security: CVE-2010-1169
Diffstat (limited to 'doc/src')
-rw-r--r--doc/src/sgml/plperl.sgml12
1 files changed, 10 insertions, 2 deletions
diff --git a/doc/src/sgml/plperl.sgml b/doc/src/sgml/plperl.sgml
index c4129510fc1..7d17002acff 100644
--- a/doc/src/sgml/plperl.sgml
+++ b/doc/src/sgml/plperl.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/plperl.sgml,v 2.83 2010/04/03 07:22:55 petere Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/plperl.sgml,v 2.84 2010/05/13 16:39:43 adunstan Exp $ -->
<chapter id="plperl">
<title>PL/Perl - Perl Procedural Language</title>
@@ -1154,11 +1154,19 @@ CREATE TRIGGER test_valid_id_trig
into a module and loaded by the <literal>on_init</> string.
Examples:
<programlisting>
-plperl.on_init = '$ENV{NYTPROF}="start=no"; require Devel::NYTProf::PgPLPerl'
+plperl.on_init = 'require "plperlinit.pl"'
plperl.on_init = 'use lib "/my/app"; use MyApp::PgInit;'
</programlisting>
</para>
<para>
+ Any modules loaded by <literal>plperl.on_init</>, either directly or
+ indirectly, will be available for use by <literal>plperl</>. This may
+ create a security risk. To see what modules have been loaded you can use:
+<programlisting>
+DO 'elog(WARNING, join ", ", sort keys %INC)' language plperl;
+</programlisting>
+ </para>
+ <para>
Initialization will happen in the postmaster if the plperl library is included
in <literal>shared_preload_libraries</> (see <xref linkend="guc-shared-preload-libraries">),
in which case extra consideration should be given to the risk of destabilizing the postmaster.