Re: [COMMITTERS] pgsql: Fix failure due to accessing an - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [COMMITTERS] pgsql: Fix failure due to accessing an
Date
Msg-id 27900.1169138540@sss.pgh.pa.us
In response to Re: [COMMITTERS] pgsql: Fix failure due to accessing an  (Tatsuo Ishii <ishii@sraoss.co.jp>)
Responses Re: [COMMITTERS] pgsql: Fix failure due to accessing an  (Tatsuo Ishii <ishii@postgresql.org>)
List pgsql-hackers
Tatsuo Ishii <ishii@sraoss.co.jp> writes:
> One of our engineers claimed that the double free bug itself is a
> vulnerability, thus the 8.2.1 release should be called a "security
> release".

[ shrug... ]  AFAICS the crashing bugs we fixed in 8.2.1 can't be
exploited for anything beyond crashing the backend, and only by an
attacker who can issue arbitrary SQL commands.  There are plenty of
other ways to cause momentary DOS if you can do that, so it doesn't
strike me as a big security vulnerability.  But if you want to call
it one, you can.
        regards, tom lane

