Re: Interesting message about printf()'s in PostgreSQL - Mailing list pgsql-hackers

From Christopher Kings-Lynne
Subject Re: Interesting message about printf()'s in PostgreSQL
Date
Msg-id GNELIHDDFBOCMGBFGEFOOEKDCDAA.chriskl@familyhealth.com.au
In response to Re: Interesting message about printf()'s in PostgreSQL  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Interesting message about printf()'s in PostgreSQL  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
> I see one unsubstantiated allegation about PG intermixed with a ton
> of content-free navel-gazing.  Don't waste my time.

For instance, when I submitted patches for fulltextindex 7.2 it freely used
unchecked sprintf's everywhere.  Even now I'm not sure what'll happen if a
malicious user really tried to crash it.  Anyway, who cares about printfs
when stuff like select cash_out(2) is documented?

> I have no doubt that some problems remain (cf recent agonizing over
> whether there is a buffer overrun problem in the date parser) ...
> but unspecific rumors don't help anyone.  As always, the best form of
> criticism is a diff -c patch.

Maybe we could form a bunch of people on this list interested in checking
for security issues and fixing them.  I'd be in, time be willing...

Chris


