| From: | Jeremy Drake <pgsql(at)jdrake(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pgsql: Fix backend crash in parsing incorrect tsquery. |
| Date: | 2007-02-13 00:33:41 |
| Message-ID: | Pine.BSO.4.64.0702121628480.18849@resin.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On Mon, 12 Feb 2007, Tom Lane wrote:
> Jeremy Drake <pgsql(at)jdrake(dot)com> writes:
> > On Mon, 12 Feb 2007, Teodor Sigaev wrote:
> >> Fix backend crash in parsing incorrect tsquery.
>
> > Is this a security issue? Does it need a new security release?
>
> We looked at this and determined that the worst that could be done with
> it is crash the backend. Which is annoying, but if we treated every
> such bug as a security exercise then we'd be having a new release every
> week or so. Core's current policy is that we'll consider a bug worthy
> of a security release if it can be used to force execution of arbitrary
> code, access otherwise-unavailable information, etc. A simple crash is
> at worst a momentary denial of service to other DB users, and if you've
> got the ability to issue arbitrary SQL there are lots of ways to create
> denial-of-service situations of one magnitude or another.
>
> Also, recent history should impress on you the disadvantages of treating
> problems as security exercises: patches that go in without any public
> review or testing are far more likely to create new problems than those
> that go through the normal process. So setting a low bar for what
> constitutes a security issue is likely to decrease the system's overall
> reliability.
I understand. This is reasonable. I am glad that this was considered,
and weighed against the same policy as core.