Re: postgres vulnerability

From: Gaetano Mendola <mendola(at)bigfoot(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: postgres vulnerability
Date: 2004-10-10 12:38:40
Message-ID: ckbagg$9g3$1@floppy.pyrenet.fr
Lists: pgsql-hackers

David Garamond wrote:
> Gaetano Mendola wrote:
>
>> Neil Conway wrote:
>> > Gaetano Mendola wrote:
>> >
>> >> Here http://www.sans.org/top20/#u9
>> >> are listed postgres vulnerabilities; it's sad to see that almost all
>> >> are related to third-party components
>> >
>> >
>> > "Almost all"? By my count, 12 of the 17 vulnerabilities refer to
>> > legitimate problems in PostgreSQL, its RPM distribution, or the ODBC
>> > driver.
>>
>> I consider the RPM distribution and the ODBC driver to be third-party components.
>
>
> Unless the vulnerability is introduced by a patch in the RPM, RPM is
> just a compiled version of the original. Thus, not third party code.

Well, the RPM issue was about wrong file permissions; do you think this is
a postgres vulnerability?

Regards
Gaetano Mendola
