| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Shachar Shemesh <psql(at)shemesh(dot)biz> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Probably security hole in postgresql-7.4.1 |
| Date: | 2004-05-13 01:03:14 |
| Message-ID: | 20040513010314.GA8037@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, May 13, 2004 at 00:54:19 +0300,
Shachar Shemesh <psql(at)shemesh(dot)biz> wrote:
> >
> I'm sorry. Maybe it's spending too many years in the security industry
> (I've been Check Point's "oh my god we have a security problem" process
> manager for over two years). Maybe it's knowing how to actually exploit
> these problems. Maybe it's just seeing many of the good guys (OpenBSD's
> Theo included) fall flat on their faces after saying "This is a DoS
> only". In my book, a buffer overrun=arbitrary code execution.
But it is still a local user exploit, not a remote user exploit. That makes
a big difference in how the bug should be treated.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-05-13 01:08:25 | Re: threads stuff/UnixWare |
| Previous Message | Larry Rosenman | 2004-05-13 00:56:18 | UnixWare/Threads stuff [repost from March] |