> -----Original Message-----
> From: Neil Conway [mailto:neilc@samurai.com]
> Sent: Monday, August 19, 2002 10:48 PM
> To: Dann Corbit
> Cc: Neil Conway; Mark Pritchard; Justin Clift; Tom Lane;
> Christopher Kings-Lynne; pgsql-hackers@postgresql.org
> Subject: Re: [HACKERS] @(#) Mordred Labs advisory 0x0001:
> Buffer overflow in
>
>
> "Dann Corbit" <DCorbit@connx.com> writes:
> > I read (in some other message) that this buffer overrun problem has
> > been known for a very, very long time.
>
> No, the problem you're referring to (cash_out() and friends)
> is *not* a buffer overrun.
I did miss the one message that said it was not a buffer overrun (I just
got back from vacation, sorry).
However, if it *can* crash the server, that sounds pretty important to
me. Another message in this thread seemed to indicate that security was
not a major focus (lagging behind adding new features). I do hope that
is not true.