Forum OpenACS Q&A: Response to Bugtraq: Buffer overflow in PostgreSQL

Posted by Don Baccus on
If you follow his advice:
<blockquote><i>
Do you still running postgresql? ...Can't believe that...
If so, execute the following command as a root: "killall -9
postmaster"</i></blockquote>
you will in all likelihood corrupt your database. Never kill -KILL your postmaster.
<p>As far as the problems go, he's been asked to post the bugs to the group so they can fix them before he posts them to bugtraq. He says he'll cooperate.
<p>As to the actual risk to your systems, I do hope that no one here exposes their database to the outside world on the internet without enabling password protection for the database????
<p>When I run PG on the same server as AOLserver I don't even start postmaster with "-i".
<p>Whether or not these bugs can be turned into exploits is debatable; however, if anyone exposes their RDBMS to the outside world without password protection, their stupidity isn't debatable at all.
<p>These will all be fixed in PG 7.3 for sure.
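<p>An added example (not part of the post above): a shell check for the exposure the post warns about, TCP rules in pg_hba.conf that admit non-loopback clients without a password. It assumes the current pg_hba.conf column layout (TYPE DATABASE USER ADDRESS [MASK] METHOD); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample pg_hba.conf (not taken from the post).
sample_hba() {
cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   10.0.0.0 255.0.0.0 trust
host    all       all   0.0.0.0/0      md5
hostssl app       web   0.0.0.0/0      trust
EOF
}

# audit_hba FILE: print every TCP rule (host, hostssl, hostnossl) that uses
# the "trust" method, i.e. no password, for a non-loopback address.
# Returns 1 if any such rule is found, 0 otherwise.
audit_hba() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    $1 ~ /^host/ {
        addr = $4
        # If field 5 looks like a netmask, the method is in field 6.
        method = ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) ? $6 : $5
        loopback = (addr ~ /^127\./ || addr ~ /^::1(\/128)?$/ || addr == "localhost")
        if (method == "trust" && !loopback) {
            printf "line %d: %s\n", NR, $0
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo on the constructed sample: prints the two offending rules.
demo=$(mktemp) && sample_hba > "$demo" && audit_hba "$demo"
rm -f "$demo"
```

Unix-socket (`local`) and loopback rules are left alone, which matches a setup where the database and the web server share one host and the postmaster does not accept TCP connections from outside.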