Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in
Msg-id 200208211713.g7LHDRa28373@candle.pha.pa.us
In response to Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in  (Justin Clift <justin@postgresql.org>)
Responses Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in  (Rod Taylor <rbt@zort.ca>)
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in  ("Marc G. Fournier" <scrappy@hub.org>)
List pgsql-hackers
Justin Clift wrote:
> Bruce Momjian wrote:
> >
> > Justin Clift wrote:
> > > Only two things which have the potential to be worth waiting for, from
> > > what I'm aware of.  There may be others:
> > >
> > >  - Find out from Sir Mordred if he wants to take a look at the CVS
> > >    version of code and audit in that for a bit, Just In Case he turns
> > >    up something that's serious and requires substantial re-work.
> > >    Although it means he wouldn't have a bunch of "I found this existing
> > >    exploit" type releases, we could instead offer him credit on the
> > >    press release along the lines of "This release has been audited for
> > >    security flaws in its code by Sir Mordred".  Am pretty sure he'd
> > >    do a very thorough job for that, as it means he'd have an official
> > >    "product reputation" he'd need to stand by for it.
> >
> > This is interesting.  He would have a month to do it.
>
> Reckon it's worth asking him, to find out if he'd be interested in this?


I wouldn't do it yet until we know if we are going to delay.

> > >  - Patches to the CVS tree which let us have a truly native windows
> > >    version.  This is of huge significance and would *very* much improve
> > >    our growth and adoption by being in this release in comparison to
> > >    being in the release afterwards.  Not in an airy fairy way, but
> > >    quite definitely and solidly.
> > >
> > > Of the two, Sir Mordred may or may not be willing, so that's kind of
> > > iffy, whereas the Windows Native port which is in beta testing isn't
> > > in too bad a state at all already.  Have been running preliminary
> > > multi-user AS3AP tests on it (with OSDB) and getting a significant
> > > performance throughput increase in comparison to the cygwin version.
> >
> > OK, now I have to ask, where did this native Windows version come from?
> > I don't know anything about it, except that Jan and SRA are both working
> > on versions.
>
> It was kind of quietly let slip out:
>
> http://archives.postgresql.org/pgsql-cygwin/2002-08/msg00012.php
>
> But, it's definitely up and running and functional and pretty decent.

Oh, so it is Jan's group.  Great news;  wish someone would have told me
sooner. I removed the Win32 off the open items list because, with no
info and no one commenting on the item, it seemed dead for 7.3.

> > The other issue is PITR, which I have been told today will not be ready
> > for a September 1 beta but may be ready for an October 1 beta.
>
> Useful, but not sure it's worth delaying even *further* for.

Well, PITR is a much more desired feature even than Win32;  the big
question is how long PITR will actually take, seeing as we haven't seen
any patches yet.

However, we haven't seen any Win32 patches yet either, so they are in
the same boat as far as I am concerned.

We have an open items list that is pretty much ready for 7.3.  The only
open item of significance left is whether schema/DROP COLUMN stuff is
ready in all the interfaces/apps.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
                              P O S T G R E S Q L

                          7 . 3  O P E N    I T E M S


Current at ftp://candle.pha.pa.us/pub/postgresql/open_items.

Source Code Changes
-------------------
Schema handling - ready? interfaces? client apps?
Drop column handling - ready for all clients, apps?
have pg_dumpall dump out db privilege and per-user/db settings
fix implicit type coercions that are worse
Prepared statements - to be reviewed  (Tom)
improve macros in new tuple header code  (Tom)
integrate or move to gborg libpqxx, Pg:DBD
Allow PL/PgSQL functions to return sets  (Neil)
Allow easy display of usernames in a group (pg_hba.conf uses groups now)
fix BeOS and QNX4 ports

On Hold
-------
Point-in-time recovery - status? (J.R., Richard)
Win32 port
Security audit

Documentation Changes
---------------------
Mention foreign keys and SERIAL dependencies will not be in 7.2 loaded tables
Document need to add permissions to loaded functions and languages
