| From: | Justin Clift <justin(at)postgresql(dot)org> |
|---|---|
| To: | Vince Vielhaber <vev(at)michvhf(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
| Date: | 2002-08-19 22:56:02 |
| Message-ID: | 3D617782.AD2AB813@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Vince,
Do you reckon it's worth you responding to "Sir Mordred" and pointing
out that he overstated the vulnerability?
:-)
Regards and best wishes,
Justin Clift
Tom Lane wrote:
>
> Justin Clift <justin(at)postgresql(dot)org> writes:
> > Glad he made the advisory for something there's a fix for. :)
>
> The claim that this bug allows execution of arbitrary code is bogus anyway.
> The overflow at INT_MIN will clobber the stack, yes, but in an absolutely
> predetermined way; an attacker will have no opportunity to insert code
> of his choosing.
>
> regards, tom lane
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vince Vielhaber | 2002-08-19 22:59:44 | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
| Previous Message | Jeroen T. Vermeulen | 2002-08-19 22:08:24 | Re: Open 7.3 items |