|
1 | | -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.1.10.6 2010/05/12 23:28:06 tgl Exp $ --> |
| 1 | +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.1.10.7 2010/05/13 21:27:44 tgl Exp $ --> |
2 | 2 | <!-- See header comment in release.sgml about typical markup --> |
3 | 3 |
|
4 | 4 | <sect1 id="release-7-4-29"> |
|
37 | 37 |
|
38 | 38 | <itemizedlist> |
39 | 39 |
|
| 40 | + <listitem> |
| 41 | + <para> |
| 42 | + Enforce restrictions in <literal>plperl</> using an opmask applied to |
| 43 | + the whole interpreter, instead of using <filename>Safe.pm</> |
| 44 | + (Tim Bunce, Andrew Dunstan) |
| 45 | + </para> |
| 46 | + |
| 47 | + <para> |
| 48 | + Recent developments have convinced us that <filename>Safe.pm</> is too |
| 49 | + insecure to rely on for making <literal>plperl</> trustable. This |
| 50 | + change removes use of <filename>Safe.pm</> altogether, in favor of using |
| 51 | + a separate interpreter with an opcode mask that is always applied. |
| 52 | + Pleasant side effects of the change include that it is now possible to |
| 53 | + use Perl's <literal>strict</> pragma in a natural way in |
| 54 | + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> |
| 55 | + variables work as expected in sort routines, and that function |
| 56 | + compilation is significantly faster. (CVE-2010-1169) |
| 57 | + </para> |
| 58 | + </listitem> |
| 59 | + |
| 60 | + <listitem> |
| 61 | + <para> |
| 62 | + Prevent PL/Tcl from executing untrustworthy code from |
| 63 | + <structname>pltcl_modules</> (Tom) |
| 64 | + </para> |
| 65 | + |
| 66 | + <para> |
| 67 | + PL/Tcl's feature for autoloading Tcl code from a database table |
| 68 | + could be exploited for trojan-horse attacks, because there was no |
| 69 | + restriction on who could create or insert into that table. This change |
| 70 | + disables the feature unless <structname>pltcl_modules</> is owned by a |
| 71 | + superuser. (However, the permissions on the table are not checked, so |
| 72 | + installations that really need a less-than-secure modules table can |
| 73 | + still grant suitable privileges to trusted non-superusers.) Also, |
| 74 | + prevent loading code into the unrestricted <quote>normal</> Tcl |
| 75 | + interpreter unless we are really going to execute a <literal>pltclu</> |
| 76 | + function. (CVE-2010-1170) |
| 77 | + </para> |
| 78 | + </listitem> |
| 79 | + |
40 | 80 | <listitem> |
41 | 81 | <para> |
42 | 82 | Do not allow an unprivileged user to reset superuser-only parameter |
|
0 commit comments