Larry Rosenman writes:
Universal Practice does NOT equal Security and Usability.
Please consider what Kean is saying here.
What Kean is saying is that your system is insecure if you have a setuid
executable that references shared libraries with nonabsolute sonames and
you have a system (an
--On Friday, July 25, 2003 09:37:04 +0200 Peter Eisentraut
[EMAIL PROTECTED] wrote:
Larry Rosenman writes:
Universal Practice does NOT equal Security and Usability.
Please consider what Kean is saying here.
What Kean is saying is that your system is insecure if you have a setuid
executable
Larry Rosenman writes:
I disagree STRONGLY with what you are saying here. What harm does it do to
add the ABILITY for a port to use a ABSOLUTE DT_SONAME?
We can discuss adding the ability, but I'm against enforcing it by
default.
I belive that the issue is not broken systems, but broken
--On Friday, July 25, 2003 11:58:18 +0200 Peter Eisentraut
[EMAIL PROTECTED] wrote:
Larry Rosenman writes:
I disagree STRONGLY with what you are saying here. What harm does it do
to add the ABILITY for a port to use a ABSOLUTE DT_SONAME?
We can discuss adding the ability, but I'm against
Finally I understand the issue, I think.
But wouldn't an ordinary user on SCO wanting to install a private copy of
Pg then have to hack the Makefiles to change/remove the abolute DT_SONAME?
If so, that seems to me to mandate that this not be in the vanilla
distribution. OS Vendors commonly make
Greg, does this patch still reject dates with month/days out of range?
I see some of the range checks are removed. Where those checks used
only for the month/date detection?
For example, I don't see the = 31 checks in there anymore.
Tom, what changes need to be made, or are you too busy?
---
Srikanth M wrote:
Dear Sir,
Please tell the changes you want to incorporate in the present
DATACUBE operator.
Thanking you
Srikanth
Sumit
On
Larry Rosenman wrote:
If your system is broken in that particular way, upgrade your system or
don't use setuid programs at all. Those are the only sane choices. It is
not an acceptable choice to disable all valid uses of nonabsolute sonames
for all users, just because some users are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greg, does this patch still reject dates with month/days out of range?
I see some of the range checks are removed. Where those checks used
only for the month/date detection?
Yes and yes. The range rejection in the previous code only allowed an
OK, I tested the patch and found that it still does proper date validity
checking:
test= select '2003-09-31'::date;
ERROR: Bad date external representation '2003-09-31'
I did find the following change in the regression tests:
INSERT INTO TIMESTAMP_TBL VALUES
Bruce Momjian [EMAIL PROTECTED] writes:
Tom, what changes need to be made, or are you too busy?
It needs a ground-up rewrite, and I'm too busy to think about that
anytime soon. I sent a long list of problems as commentary on the
patch about a month ago. Unfortunately I didn't keep a copy, and
[EMAIL PROTECTED] writes:
Some very minimal checking could be put into place, but it would just be
a small subset of the full checking that occurs later on, so it seemed
better to leave all that logic in one place.
Then why not move the rangechecks on month to the full check code too?
(It
On Fri, 25 Jul 2003, Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
Tom, what changes need to be made, or are you too busy?
It needs a ground-up rewrite, and I'm too busy to think about that
anytime soon. I sent a long list of problems as commentary on the
patch about a month
I did a little more looking at this...
test= select '2003-09-31'::date;
ERROR: Bad date external representation '2003-09-31'
I did find the following change in the regression tests:
INSERT INTO TIMESTAMP_TBL VALUES ('02-10-1997 17:32:01 PST');
INSERT INTO TIMESTAMP_TBL
Kris Jurka [EMAIL PROTECTED] writes:
On Fri, 25 Jul 2003, Tom Lane wrote:
I'm not having any luck finding that message in the archives right
now. Sumit, did you keep a copy?
http://groups.google.com/groups?hl=enlr=ie=UTF-8selm=28882.1057162309%40sss.pgh.pa.us
Thanks, but that actually
Patch applied. Thanks.
---
Rod Taylor wrote:
-- Start of PGP signed section.
On Wed, 2003-06-25 at 11:26, Tom Lane wrote:
Rod Taylor [EMAIL PROTECTED] writes:
It seems that readline() on my system (FreeBSD 4.8)
Bruce Momjian [EMAIL PROTECTED] writes:
INSERT INTO TIMESTAMP_TBL VALUES ('97/02/10 17:32:01 UTC');
+ ERROR: Bad timestamp external representation '97/02/10 17:32:01 UTC'
Again, this one should fail.
It should? I think you're gonna have a lot of unhappy users if there's
no way to persuade
Patch applied. Thanks.
---
Rod Taylor wrote:
-- Start of PGP signed section.
Seems my check constraint change did break stuff.
Alias the appropriate columns back to their original name.
Fixed formatting of a few
Tom Lane wrote:
Bruce Momjian [EMAIL PROTECTED] writes:
INSERT INTO TIMESTAMP_TBL VALUES ('97/02/10 17:32:01 UTC');
+ ERROR: Bad timestamp external representation '97/02/10 17:32:01 UTC'
Again, this one should fail.
It should? I think you're gonna have a lot of unhappy users if
Patch applied. Thanks.
---
Greg Sabino Mullane wrote:
[ There is text before PGP section. ]
[ PGP not available, raw data follows ]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NotDashEscaped: You need GnuPG to
20 matches
Mail list logo