Re: Zlib vulnerability heads-up.
From | Jan Wieck |
---|---|
Subject | Re: Zlib vulnerability heads-up. |
Date | |
Msg-id | 200203122100.g2CL0v131118@saturn.janwieck.net |
In reply to | Re: Zlib vulnerability heads-up. (Lamar Owen <lamar.owen@wgcr.org>) |
List | pgsql-hackers |

Lamar Owen wrote:
> On Tuesday 12 March 2002 11:24 am, Trond Eivind Glomsrød wrote:
> > Lamar Owen <lamar.owen@wgcr.org> writes:
> > > Updating zlib is strongly recommended by many sources, and a patch is
> > > available.
>
> > FWIW, I really doubt this is much of a problem for postgresql. It's
> > mainly a problem for applications dealing with untrusted, compressed
> > data (webbrowsers, imageviewers, programs with skins downloaded from
> > the Internet) etc.
>
> It's probably NOT a big problem; but it IS a bug in an underlying library.

In fact, it isn't a problem at all. The only data any PostgreSQL DBA
would ever pump into a restore is something he built himself or
something he got from a secure source, right? I mean, you don't feed
some unknown script you found on the net into the DB as the PostgreSQL
superuser.

In that case, someone doesn't need to hand-craft such bad compressed
data, he can simply use the \! functionality of psql in his script to
do whatever he wants as user postgres.

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #