OSSForks/postgres
1
0
Fork 0
mirror of https://github.com/zebrajr/postgres.git synced 2025-12-07 12:20:31 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
Mirror of the official PostgreSQL GIT repository. Note that this is just a *mirror* - we don't work with pull requests on github. To contribute, please see https://wiki.postgresql.org/wiki/Submitting_a_Patch
17,282 Commits 34 Branches 537 Tags 1,009 MiB
C 85.1%
PLpgSQL 6%
Perl 4.6%
Yacc 1.2%
Meson 0.7%
Other 2.2%
60028fda9f
Go to file
Andrew Dunstan 60028fda9f Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is 
fundamentally insecure. Instead apply an opmask to the whole interpreter that
imposes restrictions on unsafe operations. These restrictions are much harder
to subvert than is Safe.pm, since there is no container to be broken out of.
Backported to release 7.4.

In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of
the two interpreters model for plperl and plperlu adopted in release 8.2.

In versions 8.0 and up, the use of Perl's POSIX module to undo its locale
mangling on Windows has become insecure with these changes, so it is
replaced by our own routine, which is also faster.

Nice side effects of the changes include that it is now possible to use perl's
"strict" pragma in a natural way in plperl, and that perl's $a and
$b variables now work as expected in sort routines, and that function
compilation is significantly faster.

Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and
Alexey Klyukin.

Security: CVE-2010-1169
2010-05-13 16:44:35 +00:00
config Handle draft version of getpwuid_r() that accepts only four arguments. 2004-03-20 15:39:40 +00:00
contrib Ensure that contrib/pgstattuple functions respond to cancel interrupts 2010-04-02 16:17:31 +00:00
doc Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is 2010-05-13 16:44:35 +00:00
src Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is 2010-05-13 16:44:35 +00:00
aclocal.m4 Remove leftovers from subproject removals. Fixes for Python and Kerberos 2002-09-04 22:54:18 +00:00
configure tag 7.4.28 2010-03-12 04:06:01 +00:00
configure.in tag 7.4.28 2010-03-12 04:06:01 +00:00
COPYRIGHT Fix some copyright notices that weren't updated. Improve copyright tool 2003-08-04 23:59:41 +00:00
GNUmakefile.in Remove README.CVS when making a distribution. 2004-06-13 21:50:04 +00:00
Makefile Restructure the key include files per recent pghackers discussion: there 2001-02-10 02:31:31 +00:00
README Improve wording. 2002-11-11 20:03:40 +00:00
README.CVS Some further editorializing on README.CVS. 2004-03-28 06:09:14 +00:00

README 

PostgreSQL Database Management System
=====================================
  
This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains several language
bindings, including C, Perl, Python, and Tcl, as well as a JDBC
driver.

The ODBC and C++ interfaces have been moved to the PostgreSQL Projects
Web Site at http://gborg.postgresql.org for separate maintenance.

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Changes between all PostgreSQL releases are recorded in the
file HISTORY.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
ftp://ftp.postgresql.org/pub/.  For more information look at our web
site located at http://www.postgresql.org/.