On Fri, Apr 5, 2019 at 8:35 AM Jeff Janes wrote:
> On Tue, Apr 2, 2019 at 11:31 AM Andres Freund wrote:
>> On 2019-04-02 07:35:02 -0500, Brad Nicholson wrote:
>>
>> > A blog post would be nice, but it seems to me that having something about this
>> > clearly in the manual would be best, assuming it's no
On Tue, Apr 2, 2019 at 11:31 AM Andres Freund wrote:
> Hi,
>
> On 2019-04-02 07:35:02 -0500, Brad Nicholson wrote:
>
> > A blog post would be nice, but it seems to me that having something about this
> > clearly in the manual would be best, assuming it's not there already. I
> > took a quick look, and
Hi
On 2019-04-04 21:50:41 +0200, Magnus Hagander wrote:
> On Thu, Apr 4, 2019 at 9:45 PM Tom Lane wrote:
>
> > Jeremy Schneider writes:
> > > I'm all for having clear documentation about the security model in
> > > PostgreSQL, but I personally wouldn't be in favor of adding extra
> > > wording
On Thu, Apr 4, 2019 at 9:45 PM Tom Lane wrote:
> Jeremy Schneider writes:
> > I'm all for having clear documentation about the security model in
> > PostgreSQL, but I personally wouldn't be in favor of adding extra
> > wording to the docs just to pacify concerns about a CVE which may have
> > be
Jeremy Schneider writes:
> I'm all for having clear documentation about the security model in
> PostgreSQL, but I personally wouldn't be in favor of adding extra
> wording to the docs just to pacify concerns about a CVE which may have
> been erroneously granted by an assigning authority, who possi
On Mon, Apr 1, 2019 at 4:04 PM Jonathan S. Katz wrote:
>
> > On Apr 1, 2019, at 9:55 AM, Tom Lane wrote:
> >
> > Magnus Hagander writes:
> >>> On Sat, Mar 30, 2019 at 10:16 PM Tom Lane wrote:
> >>> Yeah; this is supposing that there is a security boundary between
> >>> Postgres superusers and
> Magnus Hagander
> > > <mag...@hagander.net>, Daniel
> Verite <dan...@manitou-mail.org>,
> > > pgsql-general <pgsql-general@lists.postgresql.org>
> > > Date: 04/02/2019 01:05 AM
> > > Subje
> Cc: Tom Lane , Magnus Hagander
> > > , Daniel Verite ,
> > > pgsql-general
> > > Date: 04/02/2019 01:05 AM
> > > Subject: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
> > >
> > > On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wro
Date: 04/02/2019 01:05 AM
> > Subject: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
> >
> > On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wrote:
> > > +1, though I’d want to see if people get noisier about it before we rule
> > > out an official
On 4/2/19 1:05 AM, Michael Paquier wrote:
> On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wrote:
>> +1, though I’d want to see if people get noisier about it before we rule
>> out an official response.
>>
>> A blog post from a reputable author who can speak to security should
>> be goo
Michael Paquier wrote on 04/02/2019 01:05:01 AM:
> From: Michael Paquier
> To: "Jonathan S. Katz"
> Cc: Tom Lane , Magnus Hagander
> , Daniel Verite ,
> pgsql-general
> Date: 04/02/2019 01:05 AM
> Subject: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
>
On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wrote:
> +1, though I’d want to see if people get noisier about it before we rule
> out an official response.
>
> A blog post from a reputable author who can speak to security should
> be good enough and we can make noise through our vario
On 2019-Apr-01, Tom Lane wrote:
> Magnus Hagander writes:
> > On Sat, Mar 30, 2019 at 10:16 PM Tom Lane wrote:
> >> Yeah; this is supposing that there is a security boundary between
> >> Postgres superusers and the OS account running the server, which
> >> there is not. We could hardly have fea
> On Apr 1, 2019, at 9:55 AM, Tom Lane wrote:
>
> Magnus Hagander writes:
>>> On Sat, Mar 30, 2019 at 10:16 PM Tom Lane wrote:
>>> Yeah; this is supposing that there is a security boundary between
>>> Postgres superusers and the OS account running the server, which
>>> there is not. We could
Magnus Hagander writes:
> On Sat, Mar 30, 2019 at 10:16 PM Tom Lane wrote:
>> Yeah; this is supposing that there is a security boundary between
>> Postgres superusers and the OS account running the server, which
>> there is not. We could hardly have features like untrusted PLs
>> if we were tryi
On Sat, Mar 30, 2019 at 10:16 PM Tom Lane wrote:
> "Daniel Verite" writes:
> > I've noticed this post being currently shared on social media:
>
> >
> https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-9193-authenticated-arbitrary-command-execution-on-postgresql-9-3/
>
> > T
"Daniel Verite" writes:
> I've noticed this post being currently shared on social media:
> https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-9193-authenticated-arbitrary-command-execution-on-postgresql-9-3/
> The claim that COPY FROM PROGRAM warrants a CVE seems groundless
Hi,
I've noticed this post being currently shared on social media:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-9193-authenticated-arbitrary-command-execution-on-postgresql-9-3/
The claim that COPY FROM PROGRAM warrants a CVE seems groundless
because you need to be