Re: a vulnerability in PostgreSQL
Tatsuo Ishii <t-ishii@sra.co.jp>
From: Tatsuo Ishii <t-ishii@sra.co.jp>
To: lyeoh@pop.jaring.my
Cc: pgsql-hackers@postgresql.org
Date: 2002-05-03T23:56:31Z
Lists: pgsql-hackers
Attachments
- conv.c-7.0.3.patch (text/plain) patch
- conv.c-6.5.3.patch (text/plain) patch
> > Oops. How about: > > > > foo'; DROP TABLE t1; -- foo > > > > The last ' gets removed, leaving -- (81a2). > > > > So you get: > > select ... '(0x81a2)'; DROP TABLE t1; -- (0x81a2) > > This surely works:-< Ok, you gave me an enough example that shows even > 7.1.x and 7.0.x are not safe. > > Included are patches for 7.1.3. Patches for 7.0.3 and 6.5.3 will be > posted soon. Included are patches for 7.0.3 and 6.5.3 I promised. BTW, >I hope you won't make this standard practice. Because there are quite >significant differences that make upgrading from 7.1.x to 7.2 troublesome. >I can't name them offhand but they've appeared on the list from time to time. I tend to agree above but am not sure making backport patches are core's job. I have been providing patches for PostgreSQL for years in Japan, and people there seem to be welcome such kind of services. However, supporting previous versions is not a trivial job and I don't want core members to spend their valuable time for that kind of job, since making backport patches could be done by anyone who are familiar with PostgreSQL. -- Tatsuo Ishii