Re: FW: iDefense Q2 2006 Vulnerability Challenge - Mailing list pgsql-hackers

From Tom Lane
Subject Re: FW: iDefense Q2 2006 Vulnerability Challenge
Msg-id 17179.1148251420@sss.pgh.pa.us
In response to FW: iDefense Q2 2006 Vulnerability Challenge  ("Magnus Hagander" <mha@sollentuna.net>)
Responses Re: FW: iDefense Q2 2006 Vulnerability Challenge
List pgsql-hackers
"Magnus Hagander" <mha@sollentuna.net> writes:
> For those that haven't already seen it, this might give some extra
> exposure to PostgreSQL wrt vulnerability research. Though I think nobody
> will have a chance to find one (I just don't see how you could possibly
> get root through postgresql, since we refuse to run as root), other
> things might be exposed by someone who's poking around.

Yeah, I think they've really done the database community a disservice by
defining interesting exploits as being only those resulting in root.
An exploit that lets you get database superuser privs would be the
appropriate criterion here, IMHO.
        regards, tom lane

