Re: reuse sysids security hole? - Mailing list pgsql-hackers

From Gavin Sherry
Subject Re: reuse sysids security hole?
Date
Msg-id Pine.LNX.4.21.0308130039410.17517-100000@linuxworld.com.au
Whole thread Raw
In response to reuse sysids security hole?  (Andrew Dunstan <andrew@dunslane.net>)
Responses Re: reuse sysids security hole?
List pgsql-hackers
On Tue, 12 Aug 2003, Andrew Dunstan wrote:

> 
> (Thought triggered by something Tom said the other day)
> 
> Is this a security hole? Looks like one to me. Would it be better to use 
> a sequence generator for sysids instead of using max+1 on the user 
> table? Or else store the last sysid used somewhere?

This issue has been discussed before and it was agreed that since most
UNIX systems will behave in the same way, there's no way to know. Also, it
is not possible for a given database to know the max(sysid) of pg_user in
another database.

Thanks,

Gavin



pgsql-hackers by date:

Previous
From: Andrew Dunstan
Date:
Subject: reuse sysids security hole?
Next
From: Andrew Sullivan
Date:
Subject: Re: Farewell