Re: a vulnerability in PostgreSQL
| От | Tatsuo Ishii |
|---|---|
| Тема | Re: a vulnerability in PostgreSQL |
| Дата | |
| Msg-id | 20020613.101045.45157492.t-ishii@sra.co.jp обсуждение исходный текст |
| Ответ на | Re: a vulnerability in PostgreSQL (Bruce Momjian <pgman@candle.pha.pa.us>) |
| Список | pgsql-hackers |
> Do we need to do any more work to document this problem? Better documetation will be welcome. However which document? -- Tatsuo Ishii > --------------------------------------------------------------------------- > > Tatsuo Ishii wrote: > > > Oops. How about: > > > > > > foo'; DROP TABLE t1; -- foo > > > > > > The last ' gets removed, leaving -- (81a2). > > > > > > So you get: > > > select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2) > > > > This surely works:-< Ok, you gave me an enough example that shows even > > 7.1.x and 7.0.x are not safe. > > > > Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be > > posted soon. > > [ Attachment, skipping... ] > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 3: if posting/reading through Usenet, please send an appropriate > > subscribe-nomail command to majordomo@postgresql.org so that your > > message can get through to the mailing list cleanly > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 >
В списке pgsql-hackers по дате отправления: