Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
From | Jan Wieck |
---|---|
Subject | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
Date | |
Msg-id | 3D6249EB.F92933EF@Yahoo.com |
In reply to | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in ("Dann Corbit" <DCorbit@connx.com>) |
List | pgsql-hackers |
Dann Corbit wrote:
> [...]
>
> What I am saying is that there is nothing that could possibly be more
> important than fixing this, except some other known problem that could
> also cause billions of dollars worth of damage. Are there any such
> problems besides the buffer overrun problems?

And what others tried to tell you is that there are different types of systems and levels of vulnerability. A software that by nature needs to be exposed to the internet (like an SMTP, HTTP or SSH server) is in high danger and needs to be fixed immediately. But software that by nature needs to be well protected from uncontrolled access (like a database, a backup management system or a logical volume manager) does not.

The matter of the fact is that if you grant someone access to your database that gives him the power to execute the statement that triggers this bug, you're lost anyway. Whatever constraints you have set up, an empty database is usually very consistent but not necessarily useful.

Jan

--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #