On Tue, 20 Aug 2002, Justin Clift wrote: > Vince, > > Do you reckon it's worth you responding to "Sir Mordred" and pointing > out that he overstated the vulnerability?
Not me. Tom (pref) or Marc would be the proper respondent. > > :-) > > Regards and best wishes, > > Justin Clift > > > Tom Lane wrote: > > > > Justin Clift <[EMAIL PROTECTED]> writes: > > > Glad he made the advisory for something there's a fix for. :) > > > > The claim that this bug allows execution of arbitrary code is bogus anyway. > > The overflow at INT_MIN will clobber the stack, yes, but in an absolutely > > predetermined way; an attacker will have no opportunity to insert code > > of his choosing. > > > > regards, tom lane > > Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] http://www.pop4.net 56K Nationwide Dialup from $16.00/mo at Pop4 Networking http://www.camping-usa.com http://www.cloudninegifts.com http://www.meanstreamradio.com http://www.unknown-artists.com ========================================================================== ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]