Re: Probably security hole in postgresql-7.4.1 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Probably security hole in postgresql-7.4.1
Date
Msg-id 7681.1084454121@sss.pgh.pa.us
Whole thread Raw
In response to Re: Probably security hole in postgresql-7.4.1  ("Ken Ashcraft" <ken@coverity.com>)
List pgsql-hackers
"Ken Ashcraft" <ken@coverity.com> writes:
>> ... thus opening up the problem to anyone who can get past the
>> initial postmaster authentication check.  So this is more severe than we
>> first thought.

> Great.  Thanks for the feedback.  If it is serious, is an advisory in order?

No, we'll just push out the fix as part of the next update version
(though that may happen a little sooner than it would have otherwise).
Sensible people don't give direct database connections to untrustworthy
users in the first place, since there are so many ways you can cause
problems if you can issue random SQL commands ...
        regards, tom lane


pgsql-hackers by date:

Previous
From: Tatsuo Ishii
Date:
Subject: Re: PostgreSQL pre-fork speedup
Next
From: Tom Lane
Date:
Subject: Re: threads stuff/UnixWare