plperl-safe-225-rand.patch
text/x-patch
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: unified
| File | + | − |
|---|---|---|
| doc/src/sgml/plperl.sgml | 0 | 0 |
| src/pl/plperl/plc_safe_ok.pl | 0 | 0 |
| src/pl/plperl/plperl.c | 0 | 0 |
diff --git a/doc/src/sgml/plperl.sgml b/doc/src/sgml/plperl.sgml
index c000463..0cc59c5 100644
*** a/doc/src/sgml/plperl.sgml
--- b/doc/src/sgml/plperl.sgml
*************** $$ LANGUAGE plperl;
*** 856,862 ****
operations that are restricted are those that interact with the
environment. This includes file handle operations,
<literal>require</literal>, and <literal>use</literal> (for
! external modules). There is no way to access internals of the
database server process or to gain OS-level access with the
permissions of the server process,
as a C function can do. Thus, any unprivileged database user can
--- 856,864 ----
operations that are restricted are those that interact with the
environment. This includes file handle operations,
<literal>require</literal>, and <literal>use</literal> (for
! external modules). To the extent it is prevented by the Perl
! <ulink url="http://search.cpan.org/perldoc?Safe">Safe</ulink> module,
! there is no way provided to access internals of the
database server process or to gain OS-level access with the
permissions of the server process,
as a C function can do. Thus, any unprivileged database user can
diff --git a/src/pl/plperl/plc_safe_ok.pl b/src/pl/plperl/plc_safe_ok.pl
index ee2e33f..873143f 100644
*** a/src/pl/plperl/plc_safe_ok.pl
--- b/src/pl/plperl/plc_safe_ok.pl
*************** if (not our $_init++) {
*** 52,58 ****
# --- create and initialize a new container ---
$SafeClass ||= 'Safe';
! $PLContainer = $SafeClass->new('PostgreSQL::InServer::safe_container');
$PLContainer->permit_only(':default');
$PLContainer->permit(qw[:base_math !:base_io sort time require]);
--- 52,64 ----
# --- create and initialize a new container ---
$SafeClass ||= 'Safe';
! # Give the container a random name to complicate an attack that needs the name
! # (Iff perl is loaded via shared_preload_libraries and perl uses the same
! # random function as postgres then perl's own seed function would have already
! # been called and an attacker could call the postgres setseed() before first
! # use of plperl to control the rand result. Even so, we try to make life hard.)
! # There's no known exploit based on this but it's cheap and wise.
! $PLContainer = $SafeClass->new('PostgreSQL::InServer::safe'.int(rand(time+$^T+$!)));
$PLContainer->permit_only(':default');
$PLContainer->permit(qw[:base_math !:base_io sort time require]);
*************** sub safe_eval {
*** 91,95 ****
}
sub mksafefunc {
! ! return safe_eval(PostgreSQL::InServer::mkfuncsrc(@_));
}
--- 97,101 ----
}
sub mksafefunc {
! return safe_eval(PostgreSQL::InServer::mkfuncsrc(@_));
}
diff --git a/src/pl/plperl/plperl.c b/src/pl/plperl/plperl.c
index 956eddb..a834063 100644
*** a/src/pl/plperl/plperl.c
--- b/src/pl/plperl/plperl.c
*************** plperl_trusted_init(void)
*** 691,702 ****
safe_version_x100 = (int) (SvNV(safe_version_sv) * 100);
/*
! * Reject too-old versions of Safe and some others: 2.20:
! * http://rt.perl.org/rt3/Ticket/Display.html?id=72068 2.21:
! * http://rt.perl.org/rt3/Ticket/Display.html?id=72700
*/
! if (safe_version_x100 < 209 || safe_version_x100 == 220 ||
! safe_version_x100 == 221)
{
/* not safe, so disallow all trusted funcs */
eval_pv(PLC_SAFE_BAD, FALSE);
--- 691,699 ----
safe_version_x100 = (int) (SvNV(safe_version_sv) * 100);
/*
! * Reject too-old versions of Safe
*/
! if (safe_version_x100 < 225)
{
/* not safe, so disallow all trusted funcs */
eval_pv(PLC_SAFE_BAD, FALSE);