| From: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Magnus Hagander" <mha(at)sollentuna(dot)net> |
| Subject: | Re: FW: iDefense Q2 2006 Vulnerability Challenge |
| Date: | 2006-05-22 21:59:48 |
| Message-ID: | 200605221759.48504.xzilla@users.sourceforge.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sunday 21 May 2006 18:43, Tom Lane wrote:
> "Magnus Hagander" <mha(at)sollentuna(dot)net> writes:
> > For those that haven't already seen it, this might give some extra
> > exposure to PostgreSQL wrt vulnerability research. Though I think nobody
> > will have a chance to find one (I just don't see how you could possibly
> > get root through postgresql, since we refuse to run as root), other
> > things might be exposed by someone who's poking around.
>
> Yeah, I think they've really done the database community a disservice by
> defining interesting exploits as being only those resulting in root.
> An exploit that lets you get database superuser privs would be the
> appropriate criterion here, IMHO.
>
Agreed, although with some other databases, root level exploits are certainly
a possibiliy. OTOH maybe someone should email them and see if we can
convince them to donate $10,000 to the foundation if no root vulnerabilities
are found... :-)
--
Robert Treat
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mischa Sandberg | 2006-05-22 22:00:08 | Re: Porting MSSQL to PGSQL (Was: [OT] MySQL is bad, but |
| Previous Message | Mischa Sandberg | 2006-05-22 21:51:56 | Re: Porting MSSQL to PGSQL: trace and profile |