Re: Probably security hole in postgresql-7.4.1

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: ken(at)coverity(dot)com
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Probably security hole in postgresql-7.4.1
Date: 2004-05-13 13:15:21
Message-ID: 7681.1084454121@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

"Ken Ashcraft" <ken(at)coverity(dot)com> writes:
>> ... thus opening up the problem to anyone who can get past the
>> initial postmaster authentication check. So this is more severe than we
>> first thought.

> Great. Thanks for the feedback. If it is serious, is an advisory in order?

No, we'll just push out the fix as part of the next update version
(though that may happen a little sooner than it would have otherwise).
Sensible people don't give direct database connections to untrustworthy
users in the first place, since there are so many ways you can cause
problems if you can issue random SQL commands ...

regards, tom lane

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2004-05-13 13:18:21 Re: threads stuff/UnixWare
Previous Message Tatsuo Ishii 2004-05-13 13:00:41 Re: PostgreSQL pre-fork speedup