From: | Vince Vielhaber <vev(at)michvhf(dot)com> |
---|---|
To: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
Cc: | Neil Conway <neilc(at)samurai(dot)com>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Date: | 2002-08-24 14:51:30 |
Message-ID: | Pine.BSF.4.40.0208241048430.73476-100000@paprika.michvhf.com |
Lists: | pgsql-announce pgsql-general pgsql-hackers |

On Sat, 24 Aug 2002, Marc G. Fournier wrote:
> On 24 Aug 2002, Neil Conway wrote:
>
> > "Marc G. Fournier" <scrappy(at)hub(dot)org> writes:
> >
> > > On 23 Aug 2002, Neil Conway wrote:
> > > > The datetime overrun does not require the ability to connect to
> > > > the database.
> > >
> > > Ack ... obviously I missed something, but, if you can't get a
> > > connection to the database, how exactly is this one triggered? :(
> >
> > If the application is accepting datetime input from the user ('what's
> > your birthday?', for example), and isn't doing some non-obvious input
> > validation on it (namely, checking that the input string isn't too
> > long), you can crash the backend. Gavin says executing arbitrary code
> > using the hole would be extremely difficult, but it's at least
> > conceivable.
>
> Right, but you have to get a connection to the backend in order to crash
> it ... no?

And what are the odds your application is going to bomb due to a buffer
overflow before it even gets to the database? I can see maybe with PHP,
but a web form should always be length limited.

Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: vev(at)michvhf(dot)com http://www.pop4.net
56K Nationwide Dialup from $16.00/mo at Pop4 Networking
http://www.camping-usa.com http://www.cloudninegifts.com
http://www.meanstreamradio.com http://www.unknown-artists.com
==========================================================================