Re: BUG #16448: Remote code execution vulnerability

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: BUG #16448: Remote code execution vulnerability
Дата
Msg-id CAKFQuwaSYf+upv63s3VuP49ZoPDUOmH_PNY7JSTWL-SNtocvbQ@mail.gmail.com
обсуждение исходный текст
Ответ на BUG #16448: Remote code execution vulnerability  (PG Bug reporting form <noreply@postgresql.org>)
Список pgsql-bugs
Дерево обсуждения
On Mon, May 18, 2020 at 2:41 AM PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:

Bug reference:      16448
Logged by:          yi Ding
Email address:      abcxiaod@126.com
PostgreSQL version: 10.12
Operating system:   linux
Description:       

A common user created a function in the public space and added some
malicious codes in the function, when other users with superuser rights call
this function, the malicious code will be executed , so as to achieve the
purpose of remote malicious code execution.

The project respectfully requests that security related concerns be reported to the security list as opposed to the public bug report listing.

https://www.postgresql.org/support/ 

security@postgresql.org

David J.

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Heikki Linnakangas
Дата:
Сообщение: Re: BUG #16448: Remote code execution vulnerability
Следующее
От: Peter Eisentraut
Дата:
Сообщение: Re: BUG #16441: Cannot multi-insert into generated column withDEFAULT value