Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sFahP-003kd9-Ka for pgsql-general@arkaria.postgresql.org; Fri, 07 Jun 2024 14:36:12 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sFahN-00CZAl-Tz for pgsql-general@arkaria.postgresql.org; Fri, 07 Jun 2024 14:36:10 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sFahN-00CZAa-2W for pgsql-general@lists.postgresql.org; Fri, 07 Jun 2024 14:36:10 +0000 Received: from wfhigh5-smtp.messagingengine.com ([64.147.123.156]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sFahG-000App-ML for pgsql-general@lists.postgresql.org; Fri, 07 Jun 2024 14:36:08 +0000 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfhigh.west.internal (Postfix) with ESMTP id 4BF561800118; Fri, 7 Jun 2024 10:36:00 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Fri, 07 Jun 2024 10:36:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1717770959; x=1717857359; bh=sN+/5CD8dxz54T13ZZsPUC0YGuXEtycLUXXwuC1GHeI=; b= k32jf0zbxnSFxihd3VXVRIkkXouffphxUrTdsSB9aOMQ8i4VWENf8mIdgY400T14 rEho+19yoxT1Gc3QsOxaBodK6ud84sSSH1ICK9gdJZQwfgtrRbW/ftxzbs6wvLUV +z43Bq20VH7niuyF61qM3atuT2FIiszZFllO3nKhem7/b1Fs6LalADi5GWfTCW7h POqDDvkyp2DselVkhDrOxlT0aCxwPD+MKKuDD3yd8HHwMnhHNN2hLigpPe7EluIw +or40PC7ilnZSabctzL2Kkz5yQ+QUVIldE+JqFJQh5Cf0HIs3lagR41YWJoWBYWb 7rHi1vrKkJdKJY955hyloQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1717770959; x= 1717857359; bh=sN+/5CD8dxz54T13ZZsPUC0YGuXEtycLUXXwuC1GHeI=; b=p SfJjy5DBUysYtNBhb4jePYuIIjSzCrDK+M4zpDIjnACnrqtB+CRdr7yDSyI6MxuE 6SR89qHORjQ2j9Rc0zeFS3I4DN5L5RHm203X6GTeqiAvBdCzbxTJ73OAWnbCKf1t drIOg3Zn5nD9z0sM90h6nLSzxBXTuoTJR9otv2GFAoroB7OubMLIpMS/6fzllIfQ o4nhYrDYBXdiclCuCLXmznTZNn2mjn0DpGaVzBatuKdajC6A2aJZy1SBSWhLam80 BkKIzD3JWnCUxw1iz5lvkAMlHZLYOX+QMxnjyBy/lBvfE5n7vlcEnSCb7ZIvHYhI Zb2xJ/Q3uZYgI2BU9CmRg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrfedtuddgheegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepkfffgggfuffvfhfhjggtgfesthekredttddvjeenucfhrhhomheptegurhhi rghnucfmlhgrvhgvrhcuoegrughrihgrnhdrkhhlrghvvghrsegrkhhlrghvvghrrdgtoh hmqeenucggtffrrghtthgvrhhnpeelgeevkeekkeeuiefgtdevieeluefhfedufeetkeej ffekjeeujeehgeehgeektdenucffohhmrghinhepphhoshhtghhrvghsqhhlrdhorhhgne cuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprggurhhi rghnrdhklhgrvhgvrhesrghklhgrvhgvrhdrtghomh X-ME-Proxy: Feedback-ID: i76984098:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 7 Jun 2024 10:35:59 -0400 (EDT) Message-ID: <97b9b4c3-fb20-47e6-ba7f-e1d874ba2531@aklaver.com> Date: Fri, 7 Jun 2024 07:35:58 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: AW: [Extern] Re: PG16.1 security breach? To: "Zwettler Markus (OIZ)" , Joe Conway , "pgsql-general@lists.postgresql.org" References: <8c533be4-5ed8-4658-86b6-212fb2d4d1a3@joeconway.com> Content-Language: en-US From: Adrian Klaver In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 6/7/24 06:54, Zwettler Markus (OIZ) wrote: >> -----Ursprüngliche Nachricht----- >> Von: Joe Conway >> Gesendet: Freitag, 7. Juni 2024 15:22 >> An: Zwettler Markus (OIZ) ; pgsql- >> general@lists.postgresql.org >> Betreff: [Extern] Re: PG16.1 security breach? >> >> On 6/7/24 07:04, Zwettler Markus (OIZ) wrote: > > Argh. No! What a bad habit! > > Might be good idea for an enhancement request to create a global parameter to disable this habit. Read this https://www.postgresql.org/docs/current/ddl-priv.html through several times, it will make things clearer. In particular the part that starts "PostgreSQL grants privileges on some types of objects to PUBLIC by default when the objects are created. ..." > > Thanks Markus > -- Adrian Klaver adrian.klaver@aklaver.com