On 19 Dec 2018, at 6:19pm, Jens Alfke <j...@mooseyard.com> wrote: > 2. Mallory uses something like the ’sqlite3’ tool to open the database and > execute a CREATE TRIGGER statement whose trigger SQL exploits a vulnerability > to do something nasty like remote code execution.
I'm not sure how you would do that purely inside a trigger. You can't just specially craft a BLOB with bad content. I think it would need participation from the software making the call to the API. Simon. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users