Home > mailing lists

Re: Probably security hole in postgresql-7.4.1 - Mailing list pgsql-hackers

From	Bruno Wolff III
Subject	Re: Probably security hole in postgresql-7.4.1
Date	May 13, 2004 00:58:45
Msg-id	20040513010314.GA8037@wolff.to Whole thread Raw
In response to	Re: Probably security hole in postgresql-7.4.1 (Shachar Shemesh <psql@shemesh.biz>)
List	pgsql-hackers

Tree view

On Thu, May 13, 2004 at 00:54:19 +0300, Shachar Shemesh <psql@shemesh.biz> wrote:
> >
> I'm sorry. Maybe it's spending too many years in the security industry 
> (I've been Check Point's "oh my god we have a security problem" process 
> manager for over two years). Maybe it's knowing how to actually exploit 
> these problems. Maybe it's just seeing many of the good guys (OpenBSD's 
> Theo included) fall flat on their faces after saying "This is a DoS 
> only". In my book, a buffer overrun=arbitrary code execution.

But it is still a local user exploit, not a remote user exploit. That makes
a big difference in how the bug should be treated.

pgsql-hackers by date:

From: Larry Rosenman
Date: 13 May 2004, 00:56:54
Subject: UnixWare/Threads stuff [repost from March]

From: Bruce Momjian
Date: 13 May 2004, 01:10:17
Subject: Re: threads stuff/UnixWare

Re: Probably security hole in postgresql-7.4.1 - Mailing list pgsql-hackers

Previous

Next