From 05b75b9624b359e89770b7867bf01e188ad43d54 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 13 May 2010 21:27:22 +0000 Subject: [PATCH] Update release notes with security issues. Security: CVE-2010-1169, CVE-2010-1170 --- doc/src/sgml/release-7.4.sgml | 42 ++++++++++++++++++++++++++++++++++- doc/src/sgml/release-8.0.sgml | 42 ++++++++++++++++++++++++++++++++++- doc/src/sgml/release-8.1.sgml | 42 ++++++++++++++++++++++++++++++++++- doc/src/sgml/release-8.2.sgml | 42 ++++++++++++++++++++++++++++++++++- 4 files changed, 164 insertions(+), 4 deletions(-) diff --git a/doc/src/sgml/release-7.4.sgml b/doc/src/sgml/release-7.4.sgml index 7e1188c15a0..68b0046621f 100644 --- a/doc/src/sgml/release-7.4.sgml +++ b/doc/src/sgml/release-7.4.sgml @@ -1,4 +1,4 @@ - + 
@@ -37,6 +37,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Do not allow an unprivileged user to reset superuser-only parameter diff --git a/doc/src/sgml/release-8.0.sgml b/doc/src/sgml/release-8.0.sgml index 157723d68cc..b57bc2e9dbf 100644 --- a/doc/src/sgml/release-8.0.sgml +++ b/doc/src/sgml/release-8.0.sgml @@ -1,4 +1,4 @@ - + 
@@ -37,6 +37,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Do not allow an unprivileged user to reset superuser-only parameter diff --git a/doc/src/sgml/release-8.1.sgml b/doc/src/sgml/release-8.1.sgml index 83b3ad11a31..13fedd01a73 100644 --- a/doc/src/sgml/release-8.1.sgml +++ b/doc/src/sgml/release-8.1.sgml @@ -1,4 +1,4 @@ - + 
@@ -31,6 +31,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Do not allow an unprivileged user to reset superuser-only parameter diff --git a/doc/src/sgml/release-8.2.sgml b/doc/src/sgml/release-8.2.sgml index d4818abf648..8e290f7733c 100644 --- a/doc/src/sgml/release-8.2.sgml +++ b/doc/src/sgml/release-8.2.sgml @@ -1,4 +1,4 @@ - + 
@@ -31,6 +31,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Fix possible crash if a cache reset message is received during
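Review bot: The plperl entry added in each of the four release-*.sgml hunks says only that "Recent developments have convinced us that Safe.pm is too insecure to rely on" and never states what the failure exposes or who can reach it, whereas the PL/Tcl entry directly below names both the mechanism and the precondition. Suggest adding one sentence on which users are affected and what bypassing the restriction allows, so an administrator can judge upgrade urgency from the release note itself and not only from the CVE-2010-1169 reference. The "Pleasant side effects" sentence also chains three clauses with "and that"; moving it to its own paragraph or a short list would keep the security statement from being buried under the convenience changes.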
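Review bot: In the PL/Tcl entry (same text in all four files), "disables the feature unless pltcl_modules is owned by a superuser" is a behaviour change for existing installations, yet the entry gives no upgrade step. Suggest stating that sites whose table has a non-superuser owner must reassign ownership to keep autoloading, and, since the parenthetical admits "the permissions on the table are not checked", that they should review existing write privileges on pltcl_modules, because anyone holding them can still supply code that gets autoloaded. Separately, the attribution "(Tom)" is inconsistent with the full names "(Tim Bunce, Andrew Dunstan)" in the entry just above; pick one form.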