Return-Path: pg_adm@postgres.berkeley.edu Received: by postgres.Berkeley.EDU (5.61/1.29) id AA13052; Wed, 6 May 92 00:27:23 -0700 Date: Wed, 6 May 92 00:27:23 -0700 Message-Id: <9205060727.AA13052@postgres.Berkeley.EDU> From: djones%super@uunet.UU.NET Subject: Security, Ports, and abstime bugs To: postgres@postgres.berkeley.edu Sender: pg_adm@postgres.berkeley.edu Postgressians, First a note of confirmation of the previous security problem posting. On Sun (SPARC2,IPC) SunOS (4.1.1, 4.1.1B, 4.1.2) *any* user can do the following: /usr/postgres/bin/monitor foo and proceed to mung the database foo. I don't know about other platforms, but it is a serious detriment to doing "real" work with postgres. Anyone can maliciously delete all of your data. Is there any chance this will be fixed in the upcoming release? Second, I have re-written/ported libpq to MSDOS using the FTP Software network libraries - is there any interest in the code? (There are *precisely* four network related calls in the whole library now - the next step is to convert those 4 to the appropriate API calls so that we'll have a Windows 3.x DLL library - any volunteers to help?) Third, is anything being done to make the abstime functions and input parse a bit more consistent? abstime won't even swallow it's own output, which can cause no end of problems when programming interfaces to postgres. Incidentally, for a good time try this: > % monitor > Welcome to the C POSTGRES terminal monitor > > Go > * create junk (date=abstime)\g > > Query sent to backend is "create junk (date=abstime)" > CREATE > Go > * append junk (date = "Jan 1 21:11:11 1992"::abstime)\g > > Query sent to backend is "append junk (date = "Jan 1 21:11:11 1992"::abstime)" > APPEND > Go > * retrieve (junk.all)\g > > Query sent to backend is "retrieve (junk.all)" > --------------- > | date | > --------------- > | Jan 1 00:11:11 1992 MDT| > --------------- So where did the 21 hours go???? And Jan 1 is in MST not MDT. Does this only happen on Suns or is it a more general "feature"? A less drastic but related feature happens any time one crosses the daylight/standard time boundry - an hour is added/subtracted but the time is still reputed to be in the current daylight/standard format. Thanks for any enlightenment. Dr. Daniel L. Jones Chief Scientist - Jones Technologies Inc. djones@jones.com