Re: [HACKERS] pgsql: Fix backend crash in parsing incorrect tsquery.

2007-02-12 Thread Jeremy Drake
On Mon, 12 Feb 2007, Teodor Sigaev wrote:

 Log Message:
 ---
 Fix backend crash in parsing incorrect tsquery.

 Per report from Jon Rosebaugh [EMAIL PROTECTED]

Is this a security issue?  Does it need a new security release?  I hope
that the answer is not this is contrib, it isn't as important since I
have been trying to convince others that contrib is not less secure or
well supported than core.  If this is a security issue (and if it can
crash the backend due to a function parameter, it probably is) the
community response to it will be particularly compelling evidence.

 Modified Files:
 --
 pgsql/contrib/tsearch2:
 query.c (r1.30 - r1.31)
 
 (http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/tsearch2/query.c.diff?r1=1.30r2=1.31)



-- 
Colvard's Logical Premises:
All probabilities are 50%.  Either a thing will happen or it
won't.

Colvard's Unconscionable Commentary:
This is especially true when dealing with someone you're
attracted to.

Grelb's Commentary
Likelihoods, however, are 90% against you.

---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly


Re: [HACKERS] pgsql: Fix backend crash in parsing incorrect tsquery.

2007-02-12 Thread Peter Eisentraut
Jeremy Drake wrote:
 On Mon, 12 Feb 2007, Teodor Sigaev wrote:
  Log Message:
  ---
  Fix backend crash in parsing incorrect tsquery.
 
  Per report from Jon Rosebaugh [EMAIL PROTECTED]

 Is this a security issue?  Does it need a new security release?

We don't treat crashes to be security issues of the kind that calls for 
the full security exercise.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/

---(end of broadcast)---
TIP 1: if posting/reading through Usenet, please send an appropriate
   subscribe-nomail command to [EMAIL PROTECTED] so that your
   message can get through to the mailing list cleanly


Re: [HACKERS] pgsql: Fix backend crash in parsing incorrect tsquery.

2007-02-12 Thread Jeremy Drake
On Tue, 13 Feb 2007, Peter Eisentraut wrote:

 We don't treat crashes to be security issues of the kind that calls for
 the full security exercise.

But if a security issue, by whatever definition of the term applies to
core, is found in contrib, it would result in the full security exercise,
correct?

Of course, the people I am trying to convince that contrib is not insecure
have yet to update their server with the latest security release (still
running 8.1.3), so it is probably pretty much moot :)

-- 
Anyone can hold the helm when the sea is calm.
-- Publius Syrus

---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings


Re: [HACKERS] pgsql: Fix backend crash in parsing incorrect tsquery.

2007-02-12 Thread Tom Lane
Jeremy Drake [EMAIL PROTECTED] writes:
 On Mon, 12 Feb 2007, Teodor Sigaev wrote:
 Fix backend crash in parsing incorrect tsquery.

 Is this a security issue?  Does it need a new security release?

We looked at this and determined that the worst that could be done with
it is crash the backend.  Which is annoying, but if we treated every
such bug as a security exercise then we'd be having a new release every
week or so.  Core's current policy is that we'll consider a bug worthy
of a security release if it can be used to force execution of arbitrary
code, access otherwise-unavailable information, etc.  A simple crash is
at worst a momentary denial of service to other DB users, and if you've
got the ability to issue arbitrary SQL there are lots of ways to create
denial-of-service situations of one magnitude or another.

Also, recent history should impress on you the disadvantages of treating
problems as security exercises: patches that go in without any public
review or testing are far more likely to create new problems than those
that go through the normal process.  So setting a low bar for what
constitutes a security issue is likely to decrease the system's overall
reliability.

regards, tom lane

---(end of broadcast)---
TIP 4: Have you searched our list archives?

   http://archives.postgresql.org


Re: [HACKERS] pgsql: Fix backend crash in parsing incorrect tsquery.

2007-02-12 Thread Jeremy Drake
On Mon, 12 Feb 2007, Tom Lane wrote:

 Jeremy Drake [EMAIL PROTECTED] writes:
  On Mon, 12 Feb 2007, Teodor Sigaev wrote:
  Fix backend crash in parsing incorrect tsquery.

  Is this a security issue?  Does it need a new security release?

 We looked at this and determined that the worst that could be done with
 it is crash the backend.  Which is annoying, but if we treated every
 such bug as a security exercise then we'd be having a new release every
 week or so.  Core's current policy is that we'll consider a bug worthy
 of a security release if it can be used to force execution of arbitrary
 code, access otherwise-unavailable information, etc.  A simple crash is
 at worst a momentary denial of service to other DB users, and if you've
 got the ability to issue arbitrary SQL there are lots of ways to create
 denial-of-service situations of one magnitude or another.

 Also, recent history should impress on you the disadvantages of treating
 problems as security exercises: patches that go in without any public
 review or testing are far more likely to create new problems than those
 that go through the normal process.  So setting a low bar for what
 constitutes a security issue is likely to decrease the system's overall
 reliability.

I understand.  This is reasonable.  I am glad that this was considered,
and weighed against the same policy as core.


-- 
Andrea: Unhappy the land that has no heroes.
Galileo: No, unhappy the land that _needs heroes.
-- Bertolt Brecht, Life of Galileo

---(end of broadcast)---
TIP 3: Have you checked our extensive FAQ?

   http://www.postgresql.org/docs/faq