1# src/pl/plperl/plc_trusted.pl 2 3#<<< protect next line from perltidy so perlcritic annotation works 4package PostgreSQL::InServer::safe; ## no critic (RequireFilenameMatchesPackage) 5#>>> 6 7# Load widely useful pragmas into plperl to make them available. 8# 9# SECURITY RISKS: 10# 11# Since these modules are free to compile unsafe opcodes they must 12# be trusted to now allow any code containing unsafe opcodes to be abused. 13# That's much harder than it sounds. 14# 15# Be aware that perl provides a wide variety of ways to subvert 16# pre-compiled code. For some examples, see this presentation: 17# http://www.slideshare.net/cdman83/barely-legal-xxx-perl-presentation 18# 19# If in ANY doubt about a module, or ANY of the modules down the chain of 20# dependencies it loads, then DO NOT add it to this list. 21# 22# To check if any of these modules use "unsafe" opcodes you can compile 23# plperl with the PLPERL_ENABLE_OPMASK_EARLY macro defined. See plperl.c 24 25require strict; 26require Carp; 27require Carp::Heavy; 28require warnings; 29require feature if $] >= 5.010000; 30