Re: Zlib vulnerability heads-up. - Mailing list pgsql-hackers

From Jan Wieck
Subject Re: Zlib vulnerability heads-up.
Date
Msg-id 200203122100.g2CL0v131118@saturn.janwieck.net
In response to Re: Zlib vulnerability heads-up.  (Lamar Owen <lamar.owen@wgcr.org>)
List pgsql-hackers
Lamar Owen wrote:
> On Tuesday 12 March 2002 11:24 am, Trond Eivind Glomsrød wrote:
> > Lamar Owen <lamar.owen@wgcr.org> writes:
> > > Updating zlib is strongly recommended by many sources, and a patch is
> > > available.
>
> > FWIW, I really doubt this is much of a problem for postgresql. It's
> > mainly a problem for applications dealing with untrusted, compressed
> > data (webbrowsers, imageviewers, programs with skins downloaded from
> > the Internet) etc.
>
> It's probably NOT a big problem; but it IS a bug in an underlying library.
In fact, it isn't a problem at all. The only data any PostgreSQL DBA would ever pump into a restore is something he built himself or something he got from a secure source, right? I mean, you don't feed some unknown script you found on the net into the DB as the PostgreSQL superuser. In that case, someone doesn't need to hand-craft such bad compressed data, he can simply use the \! functionality of psql in his script to do whatever he wants as user postgres.
 


Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #





