On Sunday 21 May 2006 18:43, Tom Lane wrote:
> "Magnus Hagander" <mha@sollentuna.net> writes:
> > For those that haven't already seen it, this might give some extra
> > exposure to PostgreSQL wrt vulnerability research. Though I think nobody
> > will have a chance to find one (I just don't see how you could possibly
> > get root through postgresql, since we refuse to run as root), other
> > things might be exposed by someone who's poking around.
>
> Yeah, I think they've really done the database community a disservice by
> defining interesting exploits as being only those resulting in root.
> An exploit that lets you get database superuser privs would be the
> appropriate criterion here, IMHO.
>
Agreed, although with some other databases, root level exploits are certainly
a possibiliy. OTOH maybe someone should email them and see if we can
convince them to donate $10,000 to the foundation if no root vulnerabilities
are found... :-)
--
Robert Treat
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL