On Tue, Sep 16, 2008 at 1:18 AM, H D Moore <[EMAIL PROTECTED]> wrote:
> On Monday 15 September 2008, Ulisses Castro wrote: > > I found some bugs when I play Metasploit and PostgreSQL and Auto > > Thanks! > > > ERROR: syntax error at or near "create" > > LINE 2: create table notes ( > > There is a missing semi-colon after the drop table notes command, but this > isn't a reason to remove all drop table commands from the script. Is > there a reason why you removed all of these? > Yes, I founded a system call of dropdb in db_create function (db_postgres.rb) and because of this don't need the drops in sql. > > $ diff -Nur db_postgres.rb.old db_postgres.rb > > --- db_postgres.rb.old 2008-09-14 23:32:29.000000000 -0300 > > +++ db_postgres.rb 2008-09-15 02:52:11.000000000 -0300 > > The patch looks good for the most part. The indentation is all incorrect > though, we require hard tab indentation and the patch used spaces. I will > fix the indentation and commit. > Ooops sorry, I just take the original script and made changes. > > > $ diff -Nur postgres.sql.old postgres.sql > > --- postgres.sql.old 2008-09-14 23:10:04.000000000 -0300 > > +++ postgres.sql 2008-09-14 23:11:36.000000000 -0300 > > @@ -1,5 +1,3 @@ > > -drop table hosts; > > For now, I am just fixing the drop table for notes, if you have a strong > reason for removing all of the drop table calls, let me know. Not > removing them causes subsequent db_create calls with the same name to > reuse the old tables, which is probably not what people expect. > Ok, about drops in sql, I have some sugestions about, some compatibles and anothers not so comatible. Sugestion 1 Remove dropdb system call from db_create function in db_postgres.rb and keep drops in sql, but with some changes, just to not show error messages to user. Like this: DROP TABLE IF EXISTS table; If choose this option some problems with old versions of PostgreSQL, because postgres 8.1 and later don't have the feature "IF EXISTS" in DROP TABLE. [1][2] Sugestion 2 Keep dropdb in db_create function and remove drops from postgres.sql. I think this is more clean and more compatible, btw feel free to choose, both works fine for me (I use PostgreSQL 8.3 from source). > > -HD > _______________________________________________ > Framework-Hackers mailing list > Framework-Hackers@spool.metasploit.com > http://spool.metasploit.com/mailman/listinfo/framework-hackers > -- Ulisses Castro [EMAIL PROTECTED] http://ulissescastro.wordpress.com References: 1 - http://www.postgresql.org/docs/8.1/interactive/sql-droptable.html 2 - http://www.postgresql.org/docs/8.2/interactive/sql-droptable.html
_______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers
