On 04/02/2012 05:23 AM, Dave Page wrote:
There are hundreds of thousands of pieces of malware for Windows that
relied on the ability to write to "system" directories like this to do
their misdeeds. Anywhere they can write (or modify existing) software
that may get executed at boot time or by an unsuspecting users (or
potentially, root). Microsoft spent millions, probably tens or
hundreds of millions enhancing the security of Windows precisely
because of this type of security issue.
If homebrew intentionally creates a hole like that, then for as long
as I'm one of the PostgreSQL webmasters it will *never* be listed on
our download pages.
I'm one of the people who doesn't have a horse in this race. (Recently I
was teaching my daughter about some development stuff and so I got her
to install Fedora under VirtualBox on her Mac :-) ). But as soon as I
saw this stuff about the intentional security hole it raised a great big
red flag with me too.
Sent via pgsql-hackers mailing list (email@example.com)
To make changes to your subscription: