Re: [ANNOUNCE] IMPORTANT: two new PostgreSQL security problems found - Mailing list pgsql-admin

From Greg Sabino Mullane
Subject Re: [ANNOUNCE] IMPORTANT: two new PostgreSQL security problems found
Date
Msg-id 18991d8228b39e43384ac760ebf5b84d@biglumber.com
Whole thread Raw
In response to Re: [ANNOUNCE] IMPORTANT: two new PostgreSQL security problems found  (Thomas F.O'Connell <tfo@sitening.com>)
List pgsql-admin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Considering that this is a security-related system catalog update, is
> there any way of providing some sort of signature for a message like
> this such that the community can feel that issuing some arcane commands
> as a superuser won't open a hole rather than close one?

An excellent point. Ideally someone (Tom) would be using GnuPG to sign
important messages like this with a digital signature. However, there are
a few checks one could do until that happens. One, compare his headers with
previous ones. Second, check the page at www.postgresql.org for a matching
announcement. Third, wait five minutes for the real Tom Lane to denounce any
fake email sent in his name. :)

If it makes you feel better, I'm 100% sure that was a legitimate email, and
I am going to sign this. :)

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200505040739
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iD8DBQFCeLTwvJuQZxSWSsgRAtACAKDvyylXy1MliqSs8Jsoz7XicXmBagCgoprg
qKPTIVv55E3ne19OGvtOTHM=
=IFvp
-----END PGP SIGNATURE-----



pgsql-admin by date:

Previous
From: Tom Lane
Date:
Subject: Re: Anything like varchar_pattern_ops in 7.3.x?
Next
From: Gourish Singbal
Date:
Subject: Need help in data migration