Adjust safety restrictions for plperl functions. Andrew Dunstan's

tglsfdc · tglsfdc · commit 4a0bee976cb8 · 2004-11-16T22:05:22.000Z
patch, but allow srand and disallow sprintf as per subsequent discussion.
diff --git a/src/pl/plperl/plperl.c b/src/pl/plperl/plperl.c
@@ -33,7 +33,7 @@
  *	  ENHANCEMENTS, OR MODIFICATIONS.
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/pl/plperl/plperl.c,v 1.55 2004/10/15 17:08:26 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/pl/plperl/plperl.c,v 1.56 2004/11/16 22:05:22 tgl Exp $
  *
  **********************************************************************/
 
@@ -250,17 +250,20 @@ plperl_safe_init(void)
 
 	static char *safe_ok =
 	"use vars qw($PLContainer); $PLContainer = new Safe('PLPerl');"
-	"$PLContainer->permit_only(':default');$PLContainer->permit(':base_math');"
-	"$PLContainer->share(qw[&elog &spi_exec_query &DEBUG &LOG &INFO &NOTICE &WARNING &ERROR %SHARED ]);"
+	"$PLContainer->permit_only(':default');"
+	"$PLContainer->permit(qw[:base_math !:base_io sort time]);"
+	"$PLContainer->share(qw[&elog &spi_exec_query &DEBUG &LOG "
+    "&INFO &NOTICE &WARNING &ERROR %SHARED ]);"
 	"sub ::mksafefunc { return $PLContainer->reval(qq[sub { $_[0] $_[1]}]); }"
 			   ;
 
 	static char *safe_bad =
 	"use vars qw($PLContainer); $PLContainer = new Safe('PLPerl');"
-	"$PLContainer->permit_only(':default');$PLContainer->permit(':base_math');"
-	"$PLContainer->share(qw[&elog &DEBUG &LOG &INFO &NOTICE &WARNING &ERROR %SHARED ]);"
+	"$PLContainer->permit_only(':default');"
+	"$PLContainer->share(qw[&elog &ERROR ]);"
 	"sub ::mksafefunc { return $PLContainer->reval(qq[sub { "
-	"elog(ERROR,'trusted perl functions disabled - please upgrade perl Safe module to at least 2.09');}]); }"
+	"elog(ERROR,'trusted perl functions disabled - "
+    "please upgrade perl Safe module to at least 2.09');}]); }"
 			   ;
 
 	SV		   *res;
