On Tue, Oct 19, 2004 at 08:47:20AM -0400, Andrew Dunstan wrote:
> But maybe we can just live with what we have and advertise that 8.0's
> plperl is more secure.
The release notes should point out that 7.4's plperl is unsecure unless
the correct version of Safe.pm is installed. Maybe it works to
Neil Conway wrote:
On Tue, 2004-10-19 at 02:45, Andrew Dunstan wrote:
> *shrug* OK. Then plperl should probably not be regarded as being as
> "trusted" as we would like. Note that old versions of Safe.pm have been
> the subject of security advisories such as this one
> http://www.securityfocus.com/bid/6111/info/
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> Do we want to backport tighter security for plperl? In particular,
> insisting on Safe.pm >= 2.09 and removing the :base_io set of ops?
I'd vote not: 7.4.5 => 7.4.6 is not an update that people would expect
to break their plperl code ...
Andrew Dunstan wrote:
Tom Lane wrote:
> If anyone has any pending 7.4 fixes, getting them in in the next
> few days would be a Good Plan.
Do we want to backport tighter security for plperl? In particular,
insisting on Safe.pm >= 2.09 and removing the :base_io set of ops?
And it would also be n
Tom Lane wrote:
> If anyone has any pending 7.4 fixes, getting them in in the next
> few days would be a Good Plan.
Do we want to backport tighter security for plperl? In particular,
insisting on Safe.pm >= 2.09 and removing the :base_io set of ops?
cheers
andrew