Home > mailing lists

Re: reuse sysids security hole? - Mailing list pgsql-hackers

From	Gavin Sherry
Subject	Re: reuse sysids security hole?
Date	August 12, 2003 14:43:06
Msg-id	Pine.LNX.4.21.0308130039410.17517-100000@linuxworld.com.au Whole thread Raw
In response to	reuse sysids security hole? (Andrew Dunstan <andrew@dunslane.net>)
Responses	Re: reuse sysids security hole?
List	pgsql-hackers

Tree view

On Tue, 12 Aug 2003, Andrew Dunstan wrote:

> 
> (Thought triggered by something Tom said the other day)
> 
> Is this a security hole? Looks like one to me. Would it be better to use 
> a sequence generator for sysids instead of using max+1 on the user 
> table? Or else store the last sysid used somewhere?

This issue has been discussed before and it was agreed that since most
UNIX systems will behave in the same way, there's no way to know. Also, it
is not possible for a given database to know the max(sysid) of pg_user in
another database.

Thanks,

Gavin

pgsql-hackers by date:

From: Andrew Dunstan
Date: 12 August 2003, 14:37:32
Subject: reuse sysids security hole?

From: Andrew Sullivan
Date: 12 August 2003, 14:47:19
Subject: Re: Farewell

Re: reuse sysids security hole? - Mailing list pgsql-hackers

Previous

Next