Home > mailing lists

Re: Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com) - Mailing list pgsql-advocacy

From	Josh Berkus
Subject	Re: Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com)
Date	April 11, 2013 23:38:28
Msg-id	5167496C.7040406@agliodbs.com Whole thread Raw
In response to	Re: Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com) (Douglas J Hunley <doug.hunley@gmail.com>)
List	pgsql-advocacy

Tree view

>
> I would hope people have tripwire/aide/et al configured to watch for these
> sorts of things already
>

Most of our non-cloud users connect to the DB from the application as
the superuser (the cloud users don't only because they're not allowed
to).  I think Tripwire is a little beyond them.

Anyway, the Blackwing analysis points out a whole set of potential
exploits which our security team hadn't thought of.

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com

pgsql-advocacy by date:

From: Bruce Momjian
Date: 11 April 2013, 19:12:55
Subject: Re: Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com)

From: "Greg Sabino Mullane"
Date: 12 April 2013, 02:04:22
Subject: Re: Heroku early upgrade is raising serious questions

Re: Dissecting PostgreSQL CVE-2013-1899 (blackwinghq.com) - Mailing list pgsql-advocacy

Previous

Next