"Magnus Hagander" <[EMAIL PROTECTED]> writes: > FYI, issue (1) applies to postgresql as well. It's fixed by > http://archives.postgresql.org/pgsql-patches/2005-07/msg00529.php.
Note that the equivalent exploit in Postgres would require superuser privilege (since it requires creating a C function). It's a bit hard to see it as a credible "security threat" since you already have the keys to the kingdom if superuser. I'm not totally certain about the security model in MySQL --- do they have a distinction between trusted and untrusted function languages? The document only talks about "insert privilege on mysql.func" which sounds like a one-level design... regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings