Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in - Mailing list pgsql-hackers
| From | Greg Copeland |
|---|---|
| Subject | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
| Date | |
| Msg-id | 1029851282.1558.51.camel@mouse.copelandconsulting.net Whole thread Raw |
| In response to | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in ("Dann Corbit" <DCorbit@connx.com>) |
| Responses |
Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
|
| List | pgsql-hackers |
On Tue, 2002-08-20 at 00:35, Dann Corbit wrote: > > Most computer virus problems are caused by buffer overrun. Someone > decided it wasn't very important. This is true. IMO, it is extremely arrogant to ignore a buffer overrun and announce it can't be exploited. There is many cases where this assertion has been proved to be false. The real risk of overrun is not what you think can be done with it (or lack there of), rather, it's how someone else might decide to use it in some obscure manner which you can not currently fathom or foresee. > Will you trust your multi-million dollar database to someone who says > the above? I think the priorities are upside down. Any *known* > buffer-overrun _must_ be repaired, and as quickly as possible. And I agree with that too. When setting priorities, using a scale of 1-10, 10 being highest priority, anything that effects stability or reliability should always be a 10. As such, they should always be repaired even above new wiz-bang features. IMO, if you don't embrace that rule of thumb, a developer shouldn't be working on a project where stability and reliability are key components of the end product. > potential overruns should be identified. A grep for memcpy, strcpy, > gets, etc. should hunt down most of them. A known buffer overrun should > fill the designer of a product with abject terror. And I really mean Agreed. It is horribly irresponsible to thumb a nose at such things in this day and age. > that, literally. If you *know* of a buffer overrun, and simply decide > not to fix it, that sounds very negligent to me. For a public project > like PostgreSQL, there is probably very little liability for the > programmers, but I am thinking of the damage that can be inflicted upon > potential clients using the database. > Not a question of it sounding negligent. It is negligent. If quality and stability is not the core developers #1 goal then expecting people to trust the resulting product is laughable. Please tell me why anyone should use a database to maintain important data when quality and stability is not important to the developers of such a product. It's an oxymoron. Time and time again I've read what basically amounts to, "...if someone can crash it it's because someone is stupid enough to allow someone to be able to do it in the first place..." Maybe you're right. After all, if core developers continue to turn a blind eye to such issues, they are in fact, the facilitators of allowing people to do it to begin with. That is, they are the ones that allowing people to do it in the first place. In short, every time I see that response, I immediately think, "...now that's the pot calling the kettle black." At some point in time, you have to stand and say, "the buck stops here." Now then, after that long rant and rave, since these are known issues, I don't have a problem with the next release going out as planned. Once it does go out, I would certainly hope that the developers would readjust their priorities and target a bug fix release to immediately follow. You know, I've seen many people trash Oracle's "unbreakable" mantra. I'm sure no one is confused at the fact that it is nothing but a marketing ploy, however, perhaps there is a culture behind it. Perhaps this is their way of saying stability and reliability is very important to them. Perhaps their mantra is the rule of thumb outlined above. Sign, Greg Copeland
pgsql-hackers by date: