Re: postgres vulnerability - Mailing list pgsql-hackers

From Gaetano Mendola
Subject Re: postgres vulnerability
Msg-id ckbagg$9g3$1@floppy.pyrenet.fr
In response to Re: postgres vulnerability  (David Garamond <lists@zara.6.isreserved.com>)
List pgsql-hackers
David Garamond wrote:
> Gaetano Mendola wrote:
> 
>> Neil Conway wrote:
>>  > Gaetano Mendola wrote:
>>  >
>>  >> Here http://www.sans.org/top20/#u9
>>  >> are listed postgres vulnerabilities; it's sad to see that almost all
>>  >> are related to third-party components
>>  >
>>  >
>>  > "Almost all"? By my count, 12 of the 17 vulnerabilities refer to
>>  > legitimate problems in PostgreSQL, its RPM distribution, or the ODBC
>>  > driver.
>>
>> I consider the RPM distribution and ODBC driver as third-party components.
> 
> 
> Unless the vulnerability is introduced by a patch in the RPM, RPM is 
> just a compiled version of the original. Thus, not third party code.

Well, the RPM issue was about wrong file permissions; do you think this is
a postgres vulnerability?


Regards
Gaetano Mendola



