Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
From | Christopher Kings-Lynne |
---|---|
Subject | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
Date | |
Msg-id | GNELIHDDFBOCMGBFGEFOAEMHCDAA.chriskl@familyhealth.com.au |
In response to | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in (Justin Clift <justin@postgresql.org>) |
Responses | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
List | pgsql-hackers |

> > I'd like to see something done about this fairly soon, but it's not
> > happening for 7.3 ...
>
> Hang on, you seem to be suggesting we release a major new upgrade, with
> major new functionality, knowing it contains a way to trivially crash
> the backend.
>
> Err.. hang on. What happened to our reputation for quality and
> releasing "when it's ready"?
>
> Since when were we Microsoft-ized?

I personally agree with Justin that it should be fixed for 7.3 (just imagine all those people selling colo postgres services). There should be a 7.2.2 as well that fixes the date parser problem.

However, if you let people just run anything they want on your server (eg. select cash_out(2);) then you're already in a world of pain because they can quite easily DOS you by doing large, expensive queries, creating 1000 billion row tables, etc., etc.

Chris