| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [COMMITTERS] pgsql: Fix failure due to accessing an |
| Date: | 2007-01-18 16:42:20 |
| Message-ID: | 27900.1169138540@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp> writes:
> One of our engineer claimed that double free bug itself is a
> vulnerability, thus 8.2.1 release should be called as "security
> release".
[ shrug... ] AFAICS the crashing bugs we fixed in 8.2.1 can't be
exploited for anything beyond crashing the backend, and only by an
attacker who can issue arbitrary SQL commands. There are plenty of
other ways to cause momentary DOS if you can do that, so it doesn't
strike me as a big security vulnerability. But if you want to call
it one, you can.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2007-01-18 22:30:41 | Re: [COMMITTERS] pgsql: Fix failure due to accessing an |
| Previous Message | Peter Eisentraut | 2007-01-18 14:07:31 | pgsql: Optionally use xml2-config to detect installation locations of |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2007-01-18 16:42:49 | Re: Corrupt database? 8.1/FreeBSD6.0 |
| Previous Message | Tom Lane | 2007-01-18 16:21:40 | Re: Design notes for EquivalenceClasses |