diff options
author | Tom Lane <tgl@sss.pgh.pa.us> | 2010-05-13 21:27:35 +0000 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2010-05-13 21:27:35 +0000 |
commit | 250956f5b4067316085e5fe13fed09cda6d9e87e (patch) | |
tree | 2add2e5594528a0f58490485645b425594afab86 | |
parent | fdce45308f5db5dd6380311b62dc40d6ec4c9ac0 (diff) | |
download | postgresql-250956f5b4067316085e5fe13fed09cda6d9e87e.tar.gz |
Update release notes with security issues.
Security: CVE-2010-1169, CVE-2010-1170
-rw-r--r-- | doc/src/sgml/release-7.4.sgml | 42 | ||||
-rw-r--r-- | doc/src/sgml/release-8.0.sgml | 42 |
2 files changed, 82 insertions, 2 deletions
diff --git a/doc/src/sgml/release-7.4.sgml b/doc/src/sgml/release-7.4.sgml index 9d8f5eccec..7f83a05920 100644 --- a/doc/src/sgml/release-7.4.sgml +++ b/doc/src/sgml/release-7.4.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.1.8.6 2010/05/12 23:27:58 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.1.8.7 2010/05/13 21:27:35 tgl Exp $ --> <!-- See header comment in release.sgml about typical markup --> <sect1 id="release-7-4-29"> @@ -39,6 +39,46 @@ <listitem> <para> + Enforce restrictions in <literal>plperl</> using an opmask applied to + the whole interpreter, instead of using <filename>Safe.pm</> + (Tim Bunce, Andrew Dunstan) + </para> + + <para> + Recent developments have convinced us that <filename>Safe.pm</> is too + insecure to rely on for making <literal>plperl</> trustable. This + change removes use of <filename>Safe.pm</> altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's <literal>strict</> pragma in a natural way in + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + </para> + </listitem> + + <listitem> + <para> + Prevent PL/Tcl from executing untrustworthy code from + <structname>pltcl_modules</> (Tom) + </para> + + <para> + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless <structname>pltcl_modules</> is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted <quote>normal</> Tcl + interpreter unless we are really going to execute a <literal>pltclu</> + function. (CVE-2010-1170) + </para> + </listitem> + + <listitem> + <para> Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro) </para> diff --git a/doc/src/sgml/release-8.0.sgml b/doc/src/sgml/release-8.0.sgml index 744ab98a04..29126f3968 100644 --- a/doc/src/sgml/release-8.0.sgml +++ b/doc/src/sgml/release-8.0.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.0.sgml,v 1.1.8.6 2010/05/12 23:27:58 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.0.sgml,v 1.1.8.7 2010/05/13 21:27:35 tgl Exp $ --> <!-- See header comment in release.sgml about typical markup --> <sect1 id="release-8-0-25"> @@ -39,6 +39,46 @@ <listitem> <para> + Enforce restrictions in <literal>plperl</> using an opmask applied to + the whole interpreter, instead of using <filename>Safe.pm</> + (Tim Bunce, Andrew Dunstan) + </para> + + <para> + Recent developments have convinced us that <filename>Safe.pm</> is too + insecure to rely on for making <literal>plperl</> trustable. This + change removes use of <filename>Safe.pm</> altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's <literal>strict</> pragma in a natural way in + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + </para> + </listitem> + + <listitem> + <para> + Prevent PL/Tcl from executing untrustworthy code from + <structname>pltcl_modules</> (Tom) + </para> + + <para> + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless <structname>pltcl_modules</> is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted <quote>normal</> Tcl + interpreter unless we are really going to execute a <literal>pltclu</> + function. (CVE-2010-1170) + </para> + </listitem> + + <listitem> + <para> Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro) </para> |