Re: [GENERAL] PostgreSQL 7.2.2: Security Release

Vince Vielhaber <vev@michvhf.com>

From: Vince Vielhaber <vev@michvhf.com>
To: "Marc G. Fournier" <scrappy@hub.org>
Cc: Neil Conway <neilc@samurai.com>, Bruce Momjian <pgman@candle.pha.pa.us>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2002-08-24T14:51:30Z
Lists: pgsql-hackers, pgsql-general
On Sat, 24 Aug 2002, Marc G. Fournier wrote:

> On 24 Aug 2002, Neil Conway wrote:
>
> > "Marc G. Fournier" <scrappy@hub.org> writes:
> >
> > > On 23 Aug 2002, Neil Conway wrote:
> > > > The datetime overrun does not require the ability to connect to
> > > > the database.
> > >
> > > Ack ... obviously I missed something, but, if you can't get a
> > > connection to the database, how exactly is this one triggered? :(
> >
> > If the application is accepting datetime input from the user ('what's
> > your birthday?', for example), and isn't doing some non-obvious input
> > validation on it (namely, checking that the input string isn't too
> > long), you can crash the backend. Gavin says executing arbitrary code
> > using the hole would be extremely difficult, but it's at least
> > conceivable.
>
> Right, but you have to get a connection to the backend in order to crash
> it ... no?

And what are the odds your application is going to bomb due to a buffer
overflow before it even gets to the database.  I can see maybe with php,
but a web form should always be length limited.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net
         56K Nationwide Dialup from $16.00/mo at Pop4 Networking
      http://www.camping-usa.com      http://www.cloudninegifts.com
   http://www.meanstreamradio.com       http://www.unknown-artists.com
==========================================================================