From: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
---|---|
To: | "Justin Clift" <justin(at)postgresql(dot)org>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "Vince Vielhaber" <vev(at)michvhf(dot)com>, <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
Date: | 2002-08-20 03:50:47 |
Message-ID: | GNELIHDDFBOCMGBFGEFOAEMHCDAA.chriskl@familyhealth.com.au |
Lists: | pgsql-hackers |
> > I'd like to see something done about this fairly soon, but it's not
> > happening for 7.3 ...
>
> Hang on, you seem to be suggesting we release a major new upgrade, with
> major new functionality, knowing it contains a way to trivially crash
> the backend.
>
> Err.. hang on. What happened to our reputation for quality and
> releasing "when it's ready"?
>
> Since when were we Microsoft-ized?

I personally agree with Justin that it should be fixed for 7.3 (just imagine
all those people selling colo postgres services). There should be a 7.2.2
as well that fixes the date parser problem.

However, if you let people just run anything they want on your server (e.g.
select cash_out(2);) then you're already in a world of pain because they can
quite easily DOS you by doing large, expensive queries, creating 1000
billion row tables, etc., etc.

Chris