| From: | Thomas F(dot)O'Connell <tfo(at)sitening(dot)com> |
|---|---|
| To: | PGSQL Admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: IMPORTANT: two new PostgreSQL security problems found |
| Date: | 2005-05-09 19:30:34 |
| Message-ID: | 9379c1a188ee92d15850274c61436ad3@sitening.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
I put together a little Perl script (which assumes proper installation
of both DBI and DBD::Pg and that template1 exists) that takes care of
the character conversion vulnerability:
http://www.sitening.com/postgresql-update-2005-1
I've run this on my development servers, and it seems to have had the
anticipated effect, but, as always, more eyeballs help. If anyone notes
any potential showstoppers, I'll gladly update the script.
I don't have tsearch2 installed anywhere, so I didn't bother with that,
but this script could probably be easily modified to address that
vulnerability.
-tfo
--
Thomas F. O'Connell
Co-Founder, Information Architect
Sitening, LLC
Strategic Open Source: Open Your i™
http://www.sitening.com/
110 30th Avenue North, Suite 6
Nashville, TN 37203-6320
615-260-0005
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Marlowe | 2005-05-09 19:48:12 | Re: conversion security update may have slowed our system? |
| Previous Message | Ian FREISLICH | 2005-05-09 19:30:28 | Re: REMOVE |