On 19 Dec 2018, at 6:19pm, Jens Alfke <[email protected]> wrote: > 2. Mallory uses something like the ’sqlite3’ tool to open the database and > execute a CREATE TRIGGER statement whose trigger SQL exploits a vulnerability > to do something nasty like remote code execution.
I'm not sure how you would do that purely inside a trigger. You can't just specially craft a BLOB with bad content. I think it would need participation from the software making the call to the API. Simon. _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
