Received: from maia.hub.org (maia-3.hub.org [200.46.204.243]) by mail.postgresql.org (Postfix) with ESMTP id 13F91B5DC00 for ; Fri, 20 May 2011 13:35:33 -0300 (ADT) Received: from mail.postgresql.org ([200.46.204.86]) by maia.hub.org (mx1.hub.org [200.46.204.243]) (amavisd-maia, port 10024) with ESMTP id 18533-07 for ; Fri, 20 May 2011 16:35:25 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-bw0-f46.google.com (mail-bw0-f46.google.com [209.85.214.46]) by mail.postgresql.org (Postfix) with ESMTP id 6DBFBB5D8B2 for ; Fri, 20 May 2011 13:35:25 -0300 (ADT) Received: by bwz15 with SMTP id 15so3104425bwz.19 for ; Fri, 20 May 2011 09:35:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=x313eTAqSs5g6nvPfwaqRL+MIXsH/NwEwkWig4jLwxc=; b=GoKxXSaZIIIaYiIG0MzlSy3GVdpJovutWEiXhzEkNQnPTJXsH0AoqDobenOt7djmeL LNoiB3gtraxsjKFy9McnSypvW68DMZ4sV8cftMgP3AKqRyfrHOx8eopzfPVZZdMw1tnG KTb8/vnWONTQ7IDObz2qAHAZGf2jkrkm9a/3c= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=wtXztqZwvAd0MQeWM6v68YpVT0nEfc1FrW8GXQyVWxQVBYHtQYi8pBh8noEBLNtO8j 26fDGgkU9AjjYalsR9k38cLNjRNyVlXyAGBtiJK6JNc6wrMMGZKDHizjRLwtqyQGG9tS U1LKKJ376RX7yGWqHuCAtBn7MCKqTTvQFYETo= MIME-Version: 1.0 Received: by 10.204.47.103 with SMTP id m39mr3975965bkf.4.1305909324076; Fri, 20 May 2011 09:35:24 -0700 (PDT) Received: by 10.204.39.140 with HTTP; Fri, 20 May 2011 09:35:24 -0700 (PDT) In-Reply-To: <4DD69445.3070507@lelarge.info> References: <4DD69445.3070507@lelarge.info> Date: Fri, 20 May 2011 12:35:24 -0400 Message-ID: Subject: Re: DROP TABLE can be issued by schema owner as well as table owner From: Derrick Rice To: Guillaume Lelarge Cc: pgsql-docs@postgresql.org Content-Type: multipart/alternative; boundary=00504502e37f5ed5c104a3b7b529 X-Virus-Scanned: Maia Mailguard 1.0.1 X-Spam-Status: No, hits=-1.897 tagged_above=-5 required=5 tests=BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RFC_ABUSE_POST=0.001 X-Spam-Level: X-Archive-Number: 201105/74 X-Sequence-Number: 6749 --00504502e37f5ed5c104a3b7b529 Content-Type: text/plain; charset=ISO-8859-1 On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge wrote: > Well, for a specific object, any superuser, the database owner, the > schema owner, and the object owner could drop the object. This is not a > vulnerability. > It is not documented clearly. Any information not made clear is an opportunity for an error which leads to a vulnerability. It is not a vulnerability in postgresql itself. It is a vulnerability in an ill-designed system, which can come about due to misinformation / lack of clarity. Putting your first sentence ("For a specific object, any superuser, the database owner, the schema owner, and the object owner could drop the object.") in the documentation would remove the opportunity for error. --00504502e37f5ed5c104a3b7b529 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable

On Fri, May 20, 2011 at 12:18 PM, Guilla= ume Lelarge <guillaume@lelarge.info> wrote:

Well, for a specific object, any superuser, the database ow= ner, the
schema owner, and the object owner could drop the object. This is not a
vulnerability.

It is not documented clearly.=A0= Any information not made clear is an opportunity for an error which leads = to a vulnerability.

It is not a vulnerability in postgresql itself.= =A0 It is a vulnerability in an ill-designed system, which can come about d= ue to misinformation / lack of clarity.

Putting your first sentence ("For a specific object, any superuser= , the database owner, the schema owner, and the object owner could drop the= object.") in the documentation would remove the opportunity for error= .
--00504502e37f5ed5c104a3b7b529--