public inbox for [email protected]  
From: David G. Johnston <[email protected]>
To: Ron Johnson <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: PG16.1 security breach?
Date: Wed, 12 Jun 2024 15:08:14 -0700
Message-ID: <CAKFQuwZ_ftX30SY4b7=hFW97gJUDnxkLYRw22LdpwDpvLMGgMg@mail.gmail.com> (raw)
In-Reply-To: <CANzqJaCZ_+UKf5g5qW8XDzVQO08yhKgJtr-T3vD0SAf5jLF0FA@mail.gmail.com>
References: <GV0P278MB00996776669F54A7EADB64688BFB2@GV0P278MB0099.CHEP278.PROD.OUTLOOK.COM>
	<[email protected]>
	<GV0P278MB00993C93868025F89845F58D8BFB2@GV0P278MB0099.CHEP278.PROD.OUTLOOK.COM>
	<[email protected]>
	<CAKFQuwaMthLY0XFtv44EBwc=nAwJO0_onACZoG0bnj9jvPBA5Q@mail.gmail.com>
	<[email protected]>
	<CAKFQuwbtQzCnXyaRdxeXOqEWszYoQqZiJwdy41X1bH_=cJK-ug@mail.gmail.com>
	<CANzqJaCZ_+UKf5g5qW8XDzVQO08yhKgJtr-T3vD0SAf5jLF0FA@mail.gmail.com>

On Wed, Jun 12, 2024 at 2:37 PM Ron Johnson <[email protected]> wrote:

> On Wed, Jun 12, 2024 at 4:36 PM David G. Johnston <
> [email protected]> wrote:
>
>> On Mon, Jun 10, 2024 at 2:21 AM Laurenz Albe <[email protected]>
>> wrote:
>>
>>> > How is it that the default privilege granted to public doesn’t seem to
>>> care who the object creator
>>> > is yet when revoking the grant one supposedly can only do so within
>>> the scope of a single role?
>>>
>>> I don't understand what you wrote.  ALTER DEFAULT PRIVILEGES also only
>>> applies to objects
>>> created by a single role when you grant default privileges.
>>>
>>>
>> I think my point is that a paragraph like the following may be a useful
>> addition:
>>
>> If one wishes to remove the default privilege granted to public to
>> execute all newly created procedures, it is necessary to revoke that
>> privilege for every superuser in the system.
>>
>
> That seems... excessive.  You can revoke other privs from public (can't
> you?), so why seemingly do only procedures/functions have this difficulty?
>
>
Neither domain, language, nor type seems problematic.  Which just leaves
connect and temp on databases, which indeed have a similar issue, but also
the number of roles with createdb is likely significantly fewer than those
with create on schema.

David J.
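The per-role scoping the thread is discussing, as an added example that is not part of the original message or of PostgreSQL's documentation. The roles app_owner and report_owner and the schema app are constructed names; the catalog queries use only standard PostgreSQL system catalogs.

```sql
-- Added example: ALTER DEFAULT PRIVILEGES is scoped to one creating role,
-- so the built-in EXECUTE-to-PUBLIC grant on new functions has to be
-- revoked once per role that can create functions in the schema.
-- app_owner, report_owner and schema app are constructed for illustration.

CREATE ROLE app_owner;
CREATE ROLE report_owner;
CREATE SCHEMA app;
GRANT USAGE, CREATE ON SCHEMA app TO app_owner, report_owner;

-- Without FOR ROLE, this applies only to objects later created by the
-- role running the statement; it says nothing about other creators.
ALTER DEFAULT PRIVILEGES IN SCHEMA app
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Covering functions created by app_owner requires naming that role
-- (the executing role must be a member of it, or a superuser).
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- report_owner has no matching entry, so a function it creates keeps the
-- built-in default ACL, which includes EXECUTE for PUBLIC.
SET ROLE report_owner;
CREATE FUNCTION app.f_report() RETURNS int LANGUAGE sql AS 'SELECT 1';
RESET ROLE;

-- Check 1: which roles actually have a default-ACL entry for functions
-- ('f') in schema app?  Any creator missing here is still uncovered.
SELECT pg_get_userbyid(d.defaclrole) AS for_role,
       n.nspname                    AS in_schema,
       d.defaclacl
  FROM pg_default_acl d
  LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace
 WHERE d.defaclobjtype = 'f';

-- Check 2: existing functions in app that PUBLIC can still execute.
-- A NULL proacl means the built-in default (PUBLIC has EXECUTE);
-- grantee 0 in aclexplode() is PUBLIC.
SELECT n.nspname, p.proname, p.proacl
  FROM pg_proc p
  JOIN pg_namespace n ON n.oid = p.pronamespace
 WHERE n.nspname = 'app'
   AND (p.proacl IS NULL
        OR EXISTS (SELECT 1
                     FROM aclexplode(p.proacl) a
                    WHERE a.grantee = 0
                      AND a.privilege_type = 'EXECUTE'));
```

The second query is the useful audit: default-privilege changes never touch functions that already exist, so after adding the per-role entries a one-time REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA app FROM PUBLIC is still needed for anything the query lists.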
