Re: Add on_trusted_init and on_untrusted_init to plperl UPDATED [PATCH]
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Tim Bunce <Tim.Bunce@pobox.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Andrew Dunstan <andrew@dunslane.net>, Alex Hunsaker <badalex@gmail.com>, pgsql-hackers@postgresql.org
Date: 2010-02-03T19:53:00Z
Lists: pgsql-hackers
On Wed, Feb 3, 2010 at 2:38 PM, Tim Bunce <Tim.Bunce@pobox.com> wrote:
>> What I was actually wondering about, however, is the extent to which
>> the semantics of Perl code could be changed from an on_init hook ---
>> is there any equivalent of changing search_path or otherwise creating
>> trojan-horse code that might be executed unexpectedly?
>
> This seems like a reasonable 'vector of first choice':
>
> SET plperl.on_plperl_init = '$SIG{__WARN__} = sub { ... }';
>
> and then do something to trigger a warning from some existing plperl
> function. So I think the answer is yes.
Perl is actually full of places where you can do things like this,
like exporting things into CORE::GLOBAL, or just polluting the package
namespace in which the code will run. Not sure if any of this is
prevented by Safe.
...Robert