From: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
---|---|
To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Justin Clift" <justin(at)postgresql(dot)org> |
Cc: | "PostgreSQL Hackers Mailing List" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Interesting message about printf()'s in PostgreSQL |
Date: | 2002-08-12 04:16:55 |
Message-ID: | GNELIHDDFBOCMGBFGEFOOEKDCDAA.chriskl@familyhealth.com.au |
Lists: | pgsql-hackers |

> I see one unsubstantiated allegation about PG intermixed with a ton
> of content-free navel-gazing. Don't waste my time.

For instance, when I submitted patches for fulltextindex 7.2 it freely used
unchecked sprintf's everywhere. Even now I'm not sure what'll happen if a
malicious user really tried to crash it. Anyway, who cares about printfs
when stuff like select cash_out(2) is documented?

> I have no doubt that some problems remain (cf recent agonizing over
> whether there is a buffer overrun problem in the date parser) ...
> but unspecific rumors don't help anyone. As always, the best form of
> criticism is a diff -c patch.

Maybe we could form a bunch of people on this list interested in checking
for security issues and fixing them. I'd be in, time be willing...

Chris