Home > mailing lists

Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in - Mailing list pgsql-hackers

From	Justin Clift
Subject	Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
Date	August 19, 2002 21:56:15
Msg-id	3D617782.AD2AB813@postgresql.org Whole thread Raw
In response to	@(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL (fwd) (Vince Vielhaber <vev@michvhf.com>)
Responses	Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
List	pgsql-hackers

Tree view

Vince,

Do you reckon it's worth you responding to "Sir Mordred" and pointing
out that he overstated the vulnerability?

:-)

Regards and best wishes,

Justin Clift


Tom Lane wrote:
> 
> Justin Clift <justin@postgresql.org> writes:
> > Glad he made the advisory for something there's a fix for.  :)
> 
> The claim that this bug allows execution of arbitrary code is bogus anyway.
> The overflow at INT_MIN will clobber the stack, yes, but in an absolutely
> predetermined way; an attacker will have no opportunity to insert code
> of his choosing.
> 
>                         regards, tom lane

-- 
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."  - Indira Gandhi

pgsql-hackers by date:

From: "Jeroen T. Vermeulen"
Date: 19 August 2002, 21:08:29
Subject: Re: Open 7.3 items

From: Vince Vielhaber
Date: 19 August 2002, 21:59:50
Subject: Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in

Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in - Mailing list pgsql-hackers

Previous

Next