[Bugs] [Bug 1319740] Tiering is not resistant to SQL-injection

bugzilla at redhat.com bugzilla at redhat.com
Mon Mar 21 16:30:41 UTC 2016


https://bugzilla.redhat.com/show_bug.cgi?id=1319740



--- Comment #4 from Jeff Darcy <jdarcy at redhat.com> ---
The more I look at this, the less convinced I am that it's real.  For one
thing, the test script is manipulating files in the current directory, not the
mounted GlusterFS directory.  The 'failures' seem more related to bash quoting
issues than anything else.  Once those are fixed, I see the same behavior for a
GlusterFS mount as for a local filesystem, and no evidence that anything is
amiss.  We are using sqlite3_prepare/sqlite3_bind which should not be subject
to injection issues in the first place.  Has anyone looked directly at the
database files to see if those tables really were dropped?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are on the CC list for the bug.
You are the assignee for the bug.


More information about the Bugs mailing list