On 2006-04-15, "Peter van der Maas" <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Is it correct to assume that if a user has write permission to
> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be
> replaced with one of a known origin in order to own the DB?
It's worse than that.
Steve Atkins <[EMAIL PROTECTED]> writes:
> On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote:
>> Is it correct to assume that if a user has write permission to
>> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash
>> can be replaced with one of a known origin in order to own th
On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote:
Hello,
Is it correct to assume that if a user has write permission to
\data\global\pg_auth on a Win32 machine, the superuser's MD5 hash
can be
replaced with one of a known origin in order to own the DB?
Probably. It'd be much easier t
