From: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
---|---|
To: | Neil Conway <neilc(at)samurai(dot)com> |
Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Date: | 2002-08-24 04:13:11 |
Message-ID: | 20020824011242.L1769-100000@mail1.hub.org |
Lists: | pgsql-announce pgsql-general pgsql-hackers |
On 24 Aug 2002, Neil Conway wrote:
> "Marc G. Fournier" <scrappy(at)hub(dot)org> writes:
>
> > On 23 Aug 2002, Neil Conway wrote:
> > > The datetime overrun does not require the ability to connect to
> > > the database.
> >
> > Ack ... obviously I missed something, but, if you can't get a
> > connection to the database, how exactly is this one triggered? :(
>
> If the application is accepting datetime input from the user ('what's
> your birthday?', for example), and isn't doing some non-obvious input
> validation on it (namely, checking that the input string isn't too
> long), you can crash the backend. Gavin says executing arbitrary code
> using the hole would be extremely difficult, but it's at least
> conceivable.
Right, but you have to get a connection to the backend in order to crash
it ... no?
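
An added example, not part of the original message or of PostgreSQL's code: one way an application could validate the user-supplied datetime string described in the quoted text before passing it over the application's own database connection. The 32-character cap, the accepted formats and the date range are assumptions of this sketch; the thread does not state the backend's buffer size.

```python
import re
from datetime import date, datetime

# Assumed limits for this sketch (not taken from the thread).
MAX_INPUT_LEN = 32
ALLOWED_CHARS = re.compile(r"[0-9A-Za-z ,./-]+")
ACCEPTED_FORMATS = ("%Y-%m-%d", "%d %B %Y", "%B %d, %Y", "%m/%d/%Y")
EARLIEST = date(1900, 1, 1)


class RejectedInput(ValueError):
    """Raised when user input must not be forwarded to the database."""


def canonical_birthday(raw):
    """Return a fixed-length ISO date (YYYY-MM-DD) or raise RejectedInput.

    Only the re-serialised value is meant to reach the backend, so the
    server-side datetime parser never sees the user's original string.
    """
    if not isinstance(raw, str):
        raise RejectedInput("not a string")
    # Length is checked first, before any parsing of attacker-controlled text.
    if len(raw) > MAX_INPUT_LEN:
        raise RejectedInput("too long")
    text = raw.strip()
    if not text or not ALLOWED_CHARS.fullmatch(text):
        raise RejectedInput("unexpected characters")
    for fmt in ACCEPTED_FORMATS:
        try:
            parsed = datetime.strptime(text, fmt).date()
        except ValueError:
            continue  # try the next accepted format
        if EARLIEST <= parsed <= date.today():
            return parsed.isoformat()
        raise RejectedInput("date out of range")
    raise RejectedInput("unrecognised date format")


if __name__ == "__main__":
    # Constructed sample inputs, including an over-long string.
    for sample in ("1980-03-04", "4 March 1980", "9" * 5000, "1980-03-04';"):
        try:
            print(repr(sample[:20]), "->", canonical_birthday(sample))
        except RejectedInput as err:
            print(repr(sample[:20]), "-> rejected:", err)
```

The returned string should still be sent as a bound query parameter rather than interpolated into SQL text.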