Re: Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com)

From: Josh Berkus <josh(at)agliodbs(dot)com>
To: pgsql-advocacy(at)postgresql(dot)org
Subject: Re: Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com)
Date: 2013-04-11 23:38:20
Message-ID: 5167496C.7040406@agliodbs.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-advocacy


>
> I would hope people have tripwire/aide/et al configured to watch for these
> sorts of things already
>

Most of our non-cloud users connect to the DB from the application as
the superuser (the cloud users don't only because they're not allowed
to). I think Tripwire is a little beyond them.

Anyway, the Blackwing analysis points out a whole set of potential
exploits which our security team hadn't thought of.

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com

In response to

Browse pgsql-advocacy by date

  From Date Subject
Next Message Greg Sabino Mullane 2013-04-12 02:04:14 Re: Heroku early upgrade is raising serious questions
Previous Message Bruce Momjian 2013-04-11 19:12:44 Re: Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com)