On 04/12/18 10:37, marius adrian popa wrote:
https://www.tenable.com/security/research/tra-2017-36
That's fixed in FB4 - loading UDFs is denied by default configuration, use of them is deprecated, replacement is UDRs which are nt affected by mentioned vulnerability. In FB3 one should be sysdba or granted special right to declare extrernal functions. This does not solve the problem - just makes it a bit less dangerous. We can't do something better with this, therefore no fixes for current releases.
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
