Home > mailing lists

Re: IMPORTANT: two new PostgreSQL security problems found - Mailing list pgsql-admin

From	Thomas F.O'Connell
Subject	Re: IMPORTANT: two new PostgreSQL security problems found
Date	May 9, 2005 19:30:44
Msg-id	9379c1a188ee92d15850274c61436ad3@sitening.com Whole thread Raw
Responses	Re: IMPORTANT: two new PostgreSQL security problems found
List	pgsql-admin

Tree view

I put together a little Perl script (which assumes proper installation
of both DBI and DBD::Pg and that template1 exists) that takes care of
the character conversion vulnerability:

http://www.sitening.com/postgresql-update-2005-1

I've run this on my development servers, and it seems to have had the
anticipated effect, but, as always, more eyeballs help. If anyone notes
any potential showstoppers, I'll gladly update the script.

I don't have tsearch2 installed anywhere, so I didn't bother with that,
but this script could probably be easily modified to address that
vulnerability.

-tfo

--
Thomas F. O'Connell
Co-Founder, Information Architect
Sitening, LLC

Strategic Open Source: Open Your i™

http://www.sitening.com/
110 30th Avenue North, Suite 6
Nashville, TN 37203-6320
615-260-0005

pgsql-admin by date:

From: Ian FREISLICH
Date: 09 May 2005, 19:30:37
Subject: Re: REMOVE

From: Scott Marlowe
Date: 09 May 2005, 19:48:22
Subject: Re: conversion security update may have slowed our system?

Re: IMPORTANT: two new PostgreSQL security problems found - Mailing list pgsql-admin

Previous

Next