Re: a vulnerability in PostgreSQL - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: a vulnerability in PostgreSQL
Date
Msg-id 200206121811.g5CIBrO12840@candle.pha.pa.us
In response to Re: a vulnerability in PostgreSQL  (Tatsuo Ishii <t-ishii@sra.co.jp>)
Responses Re: a vulnerability in PostgreSQL  (Tatsuo Ishii <t-ishii@sra.co.jp>)
List pgsql-hackers
Do we need to do any more work to document this problem?

---------------------------------------------------------------------------

Tatsuo Ishii wrote:
> > Oops. How about:
> > 
> > foo'; DROP TABLE t1; -- foo
> > 
> > The last ' gets removed, leaving -- (81a2).
> > 
> > So you get:
> > select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2)
> 
> This surely works :-< OK, you gave me enough of an example to show that even
> 7.1.x and 7.0.x are not safe.
> 
> Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be
> posted soon.

[ Attachment, skipping... ]


-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
 

