Обсуждение: Re: IMPORTANT: two new PostgreSQL security problems found

Поиск
Список
Период
Сортировка

Re: IMPORTANT: two new PostgreSQL security problems found

От
Thomas F.O'Connell
Дата:
I put together a little Perl script (which assumes proper installation
of both DBI and DBD::Pg and that template1 exists) that takes care of
the character conversion vulnerability:

http://www.sitening.com/postgresql-update-2005-1

I've run this on my development servers, and it seems to have had the
anticipated effect, but, as always, more eyeballs help. If anyone notes
any potential showstoppers, I'll gladly update the script.

I don't have tsearch2 installed anywhere, so I didn't bother with that,
but this script could probably be easily modified to address that
vulnerability.

-tfo

--
Thomas F. O'Connell
Co-Founder, Information Architect
Sitening, LLC

Strategic Open Source: Open Your i™

http://www.sitening.com/
110 30th Avenue North, Suite 6
Nashville, TN 37203-6320
615-260-0005

Re: IMPORTANT: two new PostgreSQL security problems found

От
Tomaz Borstnar
Дата:
Thomas F.O'Connell wrote:
> I put together a little Perl script (which assumes proper installation
> of both DBI and DBD::Pg and that template1 exists) that takes care of
> the character conversion vulnerability:

dont hardcode pgsql superuser :)

Tomaž