Well, if it's a buffer overrun, there is certainly potential for risks well beyond that of simply crashing the "be". It's certainly possible that a simple bug in one cgi script or web site could allow someone to execute code on the database host because of this bug. Assuming they are running the "be" as "postgres" or some other seemingly harmless user, it's still possible that complete destruction of any and all databases which are hosted and accessible by this user can be utterly destroyed or miscellaneously corrupted.
Buffer over runs should be treated with the up most urgency and respect. IMO, any known buffer overrun is worthy of an emergency fix and corresponding advisory. Greg Copeland On Sun, 2002-08-11 at 12:09, Tom Lane wrote: > Justin Clift <[EMAIL PROTECTED]> writes: > > Am I understanding this right: > > - A PostgreSQL 7.2.1 server can be crashed if it gets passed certain > > date values which would be accepted by standard "front end" parsing? > > AFAIK it's a buffer overrun issue, so anything that looks like a > reasonable date would *not* cause the problem. > > regards, tom lane > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html
signature.asc
Description: This is a digitally signed message part
