On Mon, Aug 19, 2013 at 11:44:36PM +0200, Dimitri Fontaine wrote: > Bruce Momjian <br...@momjian.us> writes: > > That's pretty vague. Exactly what does "keys to the kingdom" mean? If > > it means you can do anything to the database, you are right. If it > > means executing arbitrary code, including arbitrary kernel calls, I > > would like to hear how that is done. > > You've now heard about one way to do that in an off-list email, so that > it's not in our public archives for any malicious user to find it.
Yes, agreed. FYI, the method I listed above is public and was discovered on an exploit website. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
