Subject: Re: DROP TABLE can be issued by schema owner as well as table owner
From: Alvaro Herrera
To: Derrick Rice
Cc: Guillaume Lelarge, pgsql-docs
Date: Fri, 20 May 2011 12:53:49 -0400
Message-Id: <1305910393-sup-7762@alvh.no-ip.org>

Excerpts from Derrick Rice's message of vie may 20 12:35:24 -0400 2011:
> On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge wrote:
>
> > Well, for a specific object, any superuser, the database owner, the
> > schema owner, and the object owner could drop the object. This is not a
> > vulnerability.
> >
>
> It is not documented clearly. Any information not made clear is an
> opportunity for an error which leads to a vulnerability.

So we need a standard caveat stmt on all relevant pages? Seems
reasonable to me.

-- 
Álvaro Herrera
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
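
The behaviour named in the subject line, as an added SQL example that is not part of the original message: a schema owner with no privileges on a table can still drop it, and a catalog query lists the tables exposed to that. The role, schema and table names (`schema_admin`, `app_writer`, `app.orders`) are constructed for illustration; run it as a superuser in a scratch database.

```sql
-- Constructed names throughout; intended for a scratch database only.
CREATE ROLE schema_admin NOLOGIN;
CREATE ROLE app_writer NOLOGIN;

-- schema_admin owns the schema; app_writer may only create objects in it.
CREATE SCHEMA app AUTHORIZATION schema_admin;
GRANT USAGE, CREATE ON SCHEMA app TO app_writer;

-- app_writer creates the table and is therefore its owner.
SET ROLE app_writer;
CREATE TABLE app.orders (id integer PRIMARY KEY);
RESET ROLE;

-- Audit: tables whose owner differs from the owner of their schema.
-- Each row is a table that a second non-superuser role is able to drop.
SELECT n.nspname                   AS schema_name,
       c.relname                   AS table_name,
       pg_get_userbyid(c.relowner) AS table_owner,
       pg_get_userbyid(n.nspowner) AS schema_owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')          -- ordinary and partitioned tables
  AND c.relowner <> n.nspowner
  AND n.nspname !~ '^pg_'              -- skip system, toast and temp schemas
  AND n.nspname <> 'information_schema'
ORDER BY schema_name, table_name;

-- schema_admin was never granted anything on app.orders, yet the DROP
-- succeeds because schema_admin owns the containing schema.
SET ROLE schema_admin;
DROP TABLE app.orders;
RESET ROLE;

-- Clean up the constructed objects.
DROP SCHEMA app;
DROP ROLE app_writer, schema_admin;
```

The audit query reports `app.orders` with `app_writer` as table owner and `schema_admin` as schema owner before the table is dropped.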