From: Tom Lane Date: Thu, 13 May 2010 21:27:08 +0000 (+0000) Subject: Update release notes with security issues. X-Git-Tag: REL8_4_4~2 X-Git-Url: http://waps.l3s.uni-hannover.de/gitweb/?a=commitdiff_plain;h=9d4e01ca3ef847748b96bdc69f88b7368ca95811;p=users%2Fhanada%2Fpostgres.git Update release notes with security issues. Security: CVE-2010-1169, CVE-2010-1170 --- diff --git a/doc/src/sgml/release-7.4.sgml b/doc/src/sgml/release-7.4.sgml index d9fbc00bac..1b7f1109e5 100644 --- a/doc/src/sgml/release-7.4.sgml +++ b/doc/src/sgml/release-7.4.sgml @@ -1,4 +1,4 @@ - + @@ -37,6 +37,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Do not allow an unprivileged user to reset superuser-only parameter diff --git a/doc/src/sgml/release-8.0.sgml b/doc/src/sgml/release-8.0.sgml index 66429ca812..c2670298b0 100644 --- a/doc/src/sgml/release-8.0.sgml +++ b/doc/src/sgml/release-8.0.sgml @@ -1,4 +1,4 @@ - + @@ -37,6 +37,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Do not allow an unprivileged user to reset superuser-only parameter diff --git a/doc/src/sgml/release-8.1.sgml b/doc/src/sgml/release-8.1.sgml index 7c46499284..4655379516 100644 --- a/doc/src/sgml/release-8.1.sgml +++ b/doc/src/sgml/release-8.1.sgml @@ -1,4 +1,4 @@ - + @@ -31,6 +31,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Do not allow an unprivileged user to reset superuser-only parameter diff --git a/doc/src/sgml/release-8.2.sgml b/doc/src/sgml/release-8.2.sgml index 203b3ba60c..0869e49f4f 100644 --- a/doc/src/sgml/release-8.2.sgml +++ b/doc/src/sgml/release-8.2.sgml @@ -1,4 +1,4 @@ - + @@ -31,6 +31,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Fix possible crash if a cache reset message is received during diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml index 21cea166c1..4f7f60767f 100644 --- a/doc/src/sgml/release-8.3.sgml +++ b/doc/src/sgml/release-8.3.sgml @@ -1,4 +1,4 @@ - + @@ -31,6 +31,46 @@ + + + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + Fix possible crash if a cache reset message is received during diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml index f8e03149fa..4ff2e1ca1d 100644 --- a/doc/src/sgml/release-8.4.sgml +++ b/doc/src/sgml/release-8.4.sgml @@ -1,4 +1,4 @@ - + @@ -33,8 +33,48 @@ - Fix error during WAL replay of ALTER ... SET TABLESPACE - (Tom) + Enforce restrictions in plperl using an opmask applied to + the whole interpreter, instead of using Safe.pm + (Tim Bunce, Andrew Dunstan) + + + + Recent developments have convinced us that Safe.pm is too + insecure to rely on for making plperl trustable. This + change removes use of Safe.pm altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's strict pragma in a natural way in + plperl, and that Perl's $a and $b + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + + + + + + Prevent PL/Tcl from executing untrustworthy code from + pltcl_modules (Tom) + + + + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless pltcl_modules is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted normal Tcl + interpreter unless we are really going to execute a pltclu + function. (CVE-2010-1170) + + + + + + Fix data corruption during WAL replay of + ALTER ... SET TABLESPACE (Tom)