From: | "Dann Corbit" <DCorbit(at)connx(dot)com> |
---|---|
To: | "Neil Conway" <neilc(at)samurai(dot)com> |
Cc: | "Mark Pritchard" <mark(at)tangent(dot)net(dot)au>, "Justin Clift" <justin(at)postgresql(dot)org>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>, <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
Date: | 2002-08-20 05:59:31 |
Message-ID: | D90A5A6C612A39408103E6ECDD77B82920D14D@voyager.corporate.connx.com |
Lists: | pgsql-hackers |
> -----Original Message-----
> From: Neil Conway [mailto:neilc(at)samurai(dot)com]
> Sent: Monday, August 19, 2002 10:48 PM
> To: Dann Corbit
> Cc: Neil Conway; Mark Pritchard; Justin Clift; Tom Lane;
> Christopher Kings-Lynne; pgsql-hackers(at)postgresql(dot)org
> Subject: Re: [HACKERS] @(#) Mordred Labs advisory 0x0001:
> Buffer overflow in
>
>
> "Dann Corbit" <DCorbit(at)connx(dot)com> writes:
> > I read (in some other message) that this buffer overrun problem has
> > been known for a very, very long time.
>
> No, the problem you're referring to (cash_out() and friends)
> is *not* a buffer overrun.

I did miss the one message that said it was not a buffer overrun (I just
got back from vacation, sorry).

However, if it *can* crash the server, that sounds pretty important to
me. Another message in this thread seemed to indicate that security was
not a major focus (lagging behind adding new features). I do hope that
is not true.