-rw-r--r-- | doc/src/sgml/release-7.4.sgml | 42 |
-rw-r--r-- | doc/src/sgml/release-8.0.sgml | 42 |
-rw-r--r-- | doc/src/sgml/release-8.1.sgml | 42 |
-rw-r--r-- | doc/src/sgml/release-8.2.sgml | 42 |
-rw-r--r-- | doc/src/sgml/release-8.3.sgml | 42 |
-rw-r--r-- | doc/src/sgml/release-8.4.sgml | 46 |
6 files changed, 248 insertions, 8 deletions
diff --git a/doc/src/sgml/release-7.4.sgml b/doc/src/sgml/release-7.4.sgml index f6ae8e79bab..edc184b2191 100644 --- a/doc/src/sgml/release-7.4.sgml +++ b/doc/src/sgml/release-7.4.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.6 2010/05/12 23:20:49 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-7.4.sgml,v 1.7 2010/05/13 21:26:59 tgl Exp $ --> <!-- See header comment in release.sgml about typical markup --> <sect1 id="release-7-4-29"> 
@@ -39,6 +39,46 @@ <listitem> <para> + Enforce restrictions in <literal>plperl</> using an opmask applied to + the whole interpreter, instead of using <filename>Safe.pm</> + (Tim Bunce, Andrew Dunstan) + </para> + + <para> + Recent developments have convinced us that <filename>Safe.pm</> is too + insecure to rely on for making <literal>plperl</> trustable. This + change removes use of <filename>Safe.pm</> altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's <literal>strict</> pragma in a natural way in + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + </para> + </listitem> + + <listitem> + <para> + Prevent PL/Tcl from executing untrustworthy code from + <structname>pltcl_modules</> (Tom) + </para> + + <para> + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless <structname>pltcl_modules</> is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted <quote>normal</> Tcl + interpreter unless we are really going to execute a <literal>pltclu</> + function. (CVE-2010-1170) + </para> + </listitem> + + <listitem> + <para> Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro) </para> diff --git a/doc/src/sgml/release-8.0.sgml b/doc/src/sgml/release-8.0.sgml index ed2aa5ca764..b1aeba0d6aa 100644 --- a/doc/src/sgml/release-8.0.sgml +++ b/doc/src/sgml/release-8.0.sgml 
@@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.0.sgml,v 1.6 2010/05/12 23:20:49 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.0.sgml,v 1.7 2010/05/13 21:26:59 tgl Exp $ --> <!-- See header comment in release.sgml about typical markup --> <sect1 id="release-8-0-25"> 
@@ -39,6 +39,46 @@ <listitem> <para> + Enforce restrictions in <literal>plperl</> using an opmask applied to + the whole interpreter, instead of using <filename>Safe.pm</> + (Tim Bunce, Andrew Dunstan) + </para> + + <para> + Recent developments have convinced us that <filename>Safe.pm</> is too + insecure to rely on for making <literal>plperl</> trustable. This + change removes use of <filename>Safe.pm</> altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's <literal>strict</> pragma in a natural way in + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + </para> + </listitem> + + <listitem> + <para> + Prevent PL/Tcl from executing untrustworthy code from + <structname>pltcl_modules</> (Tom) + </para> + + <para> + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless <structname>pltcl_modules</> is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted <quote>normal</> Tcl + interpreter unless we are really going to execute a <literal>pltclu</> + function. (CVE-2010-1170) + </para> + </listitem> + + <listitem> + <para> Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro) </para> diff --git a/doc/src/sgml/release-8.1.sgml b/doc/src/sgml/release-8.1.sgml index 187dfcd763a..114cb82d9c1 100644 --- a/doc/src/sgml/release-8.1.sgml +++ b/doc/src/sgml/release-8.1.sgml 
@@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.1.sgml,v 1.6 2010/05/12 23:20:49 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.1.sgml,v 1.7 2010/05/13 21:26:59 tgl Exp $ --> <!-- See header comment in release.sgml about typical markup --> <sect1 id="release-8-1-21"> 
@@ -33,6 +33,46 @@ <listitem> <para> + Enforce restrictions in <literal>plperl</> using an opmask applied to + the whole interpreter, instead of using <filename>Safe.pm</> + (Tim Bunce, Andrew Dunstan) + </para> + + <para> + Recent developments have convinced us that <filename>Safe.pm</> is too + insecure to rely on for making <literal>plperl</> trustable. This + change removes use of <filename>Safe.pm</> altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's <literal>strict</> pragma in a natural way in + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + </para> + </listitem> + + <listitem> + <para> + Prevent PL/Tcl from executing untrustworthy code from + <structname>pltcl_modules</> (Tom) + </para> + + <para> + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless <structname>pltcl_modules</> is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted <quote>normal</> Tcl + interpreter unless we are really going to execute a <literal>pltclu</> + function. (CVE-2010-1170) + </para> + </listitem> + + <listitem> + <para> Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro) </para> diff --git a/doc/src/sgml/release-8.2.sgml b/doc/src/sgml/release-8.2.sgml index ac5c2c2550b..5fdc8362e0f 100644 --- a/doc/src/sgml/release-8.2.sgml +++ b/doc/src/sgml/release-8.2.sgml 
@@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.2.sgml,v 1.6 2010/05/12 23:20:49 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.2.sgml,v 1.7 2010/05/13 21:26:59 tgl Exp $ --> <!-- See header comment in release.sgml about typical markup --> <sect1 id="release-8-2-17"> 
@@ -33,6 +33,46 @@ <listitem> <para> + Enforce restrictions in <literal>plperl</> using an opmask applied to + the whole interpreter, instead of using <filename>Safe.pm</> + (Tim Bunce, Andrew Dunstan) + </para> + + <para> + Recent developments have convinced us that <filename>Safe.pm</> is too + insecure to rely on for making <literal>plperl</> trustable. This + change removes use of <filename>Safe.pm</> altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's <literal>strict</> pragma in a natural way in + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + </para> + </listitem> + + <listitem> + <para> + Prevent PL/Tcl from executing untrustworthy code from + <structname>pltcl_modules</> (Tom) + </para> + + <para> + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless <structname>pltcl_modules</> is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted <quote>normal</> Tcl + interpreter unless we are really going to execute a <literal>pltclu</> + function. (CVE-2010-1170) + </para> + </listitem> + + <listitem> + <para> Fix possible crash if a cache reset message is received during rebuild of a relcache entry (Heikki) </para> diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml index cac48eebc5b..82d35b2e63d 100644 --- a/doc/src/sgml/release-8.3.sgml +++ b/doc/src/sgml/release-8.3.sgml 
@@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.3.sgml,v 1.6 2010/05/12 23:20:49 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.3.sgml,v 1.7 2010/05/13 21:26:59 tgl Exp $ --> <!-- See header comment in release.sgml about typical markup --> <sect1 id="release-8-3-11"> 
@@ -33,6 +33,46 @@ <listitem> <para> + Enforce restrictions in <literal>plperl</> using an opmask applied to + the whole interpreter, instead of using <filename>Safe.pm</> + (Tim Bunce, Andrew Dunstan) + </para> + + <para> + Recent developments have convinced us that <filename>Safe.pm</> is too + insecure to rely on for making <literal>plperl</> trustable. This + change removes use of <filename>Safe.pm</> altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's <literal>strict</> pragma in a natural way in + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + </para> + </listitem> + + <listitem> + <para> + Prevent PL/Tcl from executing untrustworthy code from + <structname>pltcl_modules</> (Tom) + </para> + + <para> + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless <structname>pltcl_modules</> is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted <quote>normal</> Tcl + interpreter unless we are really going to execute a <literal>pltclu</> + function. (CVE-2010-1170) + </para> + </listitem> + + <listitem> + <para> Fix possible crash if a cache reset message is received during rebuild of a relcache entry (Heikki) </para> diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml index b3b7267e051..94571b7289a 100644 --- a/doc/src/sgml/release-8.4.sgml +++ b/doc/src/sgml/release-8.4.sgml 
@@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.4.sgml,v 1.18 2010/05/12 23:20:49 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.4.sgml,v 1.19 2010/05/13 21:26:59 tgl Exp $ --> <!-- See header comment in release.sgml about typical markup --> <sect1 id="release-8-4-4"> 
@@ -33,8 +33,48 @@ <listitem> <para> - Fix error during WAL replay of <literal>ALTER ... SET TABLESPACE</> - (Tom) + Enforce restrictions in <literal>plperl</> using an opmask applied to + the whole interpreter, instead of using <filename>Safe.pm</> + (Tim Bunce, Andrew Dunstan) + </para> + + <para> + Recent developments have convinced us that <filename>Safe.pm</> is too + insecure to rely on for making <literal>plperl</> trustable. This + change removes use of <filename>Safe.pm</> altogether, in favor of using + a separate interpreter with an opcode mask that is always applied. + Pleasant side effects of the change include that it is now possible to + use Perl's <literal>strict</> pragma in a natural way in + <literal>plperl</>, and that Perl's <literal>$a</> and <literal>$b</> + variables work as expected in sort routines, and that function + compilation is significantly faster. (CVE-2010-1169) + </para> + </listitem> + + <listitem> + <para> + Prevent PL/Tcl from executing untrustworthy code from + <structname>pltcl_modules</> (Tom) + </para> + + <para> + PL/Tcl's feature for autoloading Tcl code from a database table + could be exploited for trojan-horse attacks, because there was no + restriction on who could create or insert into that table. This change + disables the feature unless <structname>pltcl_modules</> is owned by a + superuser. (However, the permissions on the table are not checked, so + installations that really need a less-than-secure modules table can + still grant suitable privileges to trusted non-superusers.) Also, + prevent loading code into the unrestricted <quote>normal</> Tcl + interpreter unless we are really going to execute a <literal>pltclu</> + function. (CVE-2010-1170) + </para> + </listitem> + + <listitem> + <para> + Fix data corruption during WAL replay of + <literal>ALTER ... SET TABLESPACE</> (Tom) </para> <para> |
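
Review bot: The plperl entry added to all six files (CVE-2010-1169) justifies the change only with "Recent developments have convinced us", and nowhere says whether an administrator has to do anything after updating. Suggest adding one sentence that states whether existing plperl functions keep working unchanged or need to be recreated, and whether any code that was accepted before is now rejected by the always-applied opcode mask. The last sentence of that paragraph also chains three clauses ("include that ..., and that ..., and that ..."); listing the three side effects separately would read more clearly.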
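
Review bot: In the PL/Tcl entry added to all six files (CVE-2010-1170), the parenthetical "the permissions on the table are not checked" leaves out the step an administrator should take after updating. Because autoloading now depends only on pltcl_modules being owned by a superuser, a table that is already superuser-owned but has insert or update privileges granted widely stays loadable after this change. Suggest adding a sentence that tells administrators to check the owner of pltcl_modules in each database and to review which roles hold write privileges on it, so the "trusted non-superusers" case is a deliberate choice rather than a leftover grant.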
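
Review bot: The release-8.4.sgml hunk (@@ -33,8 +33,48 @@) also rewords the existing entry "Fix error during WAL replay of ALTER ... SET TABLESPACE" to "Fix data corruption during WAL replay of ...", which is unrelated to the two security items and has no counterpart in the other five files. Suggest either moving that rewording into its own change or mentioning it explicitly, and checking that the explanatory paragraph following the title (not touched by this hunk) still matches the stronger "data corruption" wording.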