public inbox for [email protected]  
From: David G. Johnston <[email protected]>
To: Laurenz Albe <[email protected]>
Cc: Zwettler Markus (OIZ) <[email protected]>
Cc: Joe Conway <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: PG16.1 security breach?
Date: Wed, 12 Jun 2024 13:35:21 -0700
Message-ID: <CAKFQuwbtQzCnXyaRdxeXOqEWszYoQqZiJwdy41X1bH_=cJK-ug@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <GV0P278MB00996776669F54A7EADB64688BFB2@GV0P278MB0099.CHEP278.PROD.OUTLOOK.COM>
	<[email protected]>
	<GV0P278MB00993C93868025F89845F58D8BFB2@GV0P278MB0099.CHEP278.PROD.OUTLOOK.COM>
	<[email protected]>
	<CAKFQuwaMthLY0XFtv44EBwc=nAwJO0_onACZoG0bnj9jvPBA5Q@mail.gmail.com>
	<[email protected]>

On Mon, Jun 10, 2024 at 2:21 AM Laurenz Albe <[email protected]>
wrote:

> > How is it that the default privilege granted to public doesn’t seem to care who the object creator
> > is yet when revoking the grant one supposedly can only do so within the scope of a single role?
>
> I don't understand what you wrote.  ALTER DEFAULT PRIVILEGES also only applies to objects
> created by a single role when you grant default privileges.
>
>
I think my point is that a paragraph like the following may be a useful
addition:

If one wishes to remove the default privilege granted to public to execute
all newly created procedures it is necessary to revoke that privilege for
every superuser in the system as well as any roles that directly have
create permission on a schema and also those that inherit a create
permission on a schema.  Lastly, any new roles created in the future with
direct or indirect create permission on a schema must also be altered.  In
other words, the first time a role creates a routine the default privileges
involved with that creation will include granting execute to public,
unless said default privileges have already been revoked.

Maybe generalized to any of the default privileges.  I find the existing
wording to gloss over the fact that one cannot just decide up front they
want to not allow these default privileges to public once on a system-wide
basis but must continually maintain the default privileges as new roles are
added that are allowed to create different objects, directly or otherwise.

David J.
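
The per-role maintenance described in the message above, as an added example that is not part of the original email or the PostgreSQL documentation: an audit query listing every role in the current database that can create objects in some schema and whose default privileges would still grant EXECUTE on new routines to PUBLIC, with the statement that revokes it. Assumptions: it is run by a superuser, once per database (default privileges are stored per database), and predefined `pg_*` roles and system schemas are skipped for brevity.

```sql
-- Added example; run as a superuser in each database to be audited.
WITH creators AS (
    -- Roles with CREATE on at least one user schema. has_schema_privilege()
    -- is true for direct grants, inherited membership, and superusers.
    SELECT DISTINCT r.oid, r.rolname
    FROM pg_roles AS r
    CROSS JOIN pg_namespace AS n
    WHERE r.rolname !~ '^pg_'                 -- assumption: skip predefined roles
      AND n.nspname !~ '^pg_'                 -- skip system/temp/toast schemas
      AND n.nspname <> 'information_schema'
      AND has_schema_privilege(r.oid, n.oid, 'CREATE')
)
SELECT c.rolname,
       CASE WHEN d.defaclrole IS NULL
            THEN 'built-in default still in effect'
            ELSE 'altered, but PUBLIC keeps EXECUTE'
       END AS state,
       format('ALTER DEFAULT PRIVILEGES FOR ROLE %I '
              'REVOKE EXECUTE ON ROUTINES FROM PUBLIC;', c.rolname) AS fix
FROM creators AS c
LEFT JOIN pg_default_acl AS d
       ON d.defaclrole      = c.oid
      AND d.defaclnamespace = 0      -- global entry; per-schema entries can only add privileges
      AND d.defaclobjtype   = 'f'    -- functions and procedures
WHERE d.defaclrole IS NULL           -- no entry: new routines get EXECUTE for PUBLIC
   OR EXISTS (                       -- entry exists but PUBLIC (grantee 0) still has EXECUTE
        SELECT 1
        FROM aclexplode(d.defaclacl) AS a
        WHERE a.grantee = 0
          AND a.privilege_type = 'EXECUTE')
ORDER BY c.rolname;
```

An empty result means every current creator role is covered; the query has to be repeated whenever a role gains CREATE on a schema, directly or through membership. Routines that already exist are not changed by ALTER DEFAULT PRIVILEGES and need their own REVOKE.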

