Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sHVf2-008Qab-HC
	for pgsql-general@arkaria.postgresql.org; Wed, 12 Jun 2024 21:37:40 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sHVf0-007kDg-AR
	for pgsql-general@arkaria.postgresql.org; Wed, 12 Jun 2024 21:37:39 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ronljohnsonjr@gmail.com>)
	id 1sHVez-007kAT-T7
	for pgsql-general@lists.postgresql.org; Wed, 12 Jun 2024 21:37:38 +0000
Received: from mail-oa1-x31.google.com ([2001:4860:4864:20::31])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <ronljohnsonjr@gmail.com>)
	id 1sHVey-001Ly7-Ai
	for pgsql-general@lists.postgresql.org; Wed, 12 Jun 2024 21:37:38 +0000
Received: by mail-oa1-x31.google.com with SMTP id 586e51a60fabf-254fa9fe36eso102855fac.2
        for <pgsql-general@lists.postgresql.org>; Wed, 12 Jun 2024 14:37:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1718228254; x=1718833054; darn=lists.postgresql.org;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=/+aTpwYCy4RSqq4HMna/pYYH12A/jd+zz8k85GeyS/M=;
        b=bcYuLxmZOK/bTA1+Y7QD9q4Hvw1HrPSpJyE7lRSsPHvBgXGy7y6QnigcPmeiEm7e+W
         f9CdPl8UxnQRZ72ioZ45RK5Q0R6FyhdeaVq/GAoS33UOXHKBBCiQHNhgGdZm6/Y7ayL+
         6lhZ2wKhwR9K2x855uoVCvwl1uqyKU9iS8SQIkd0aOB8Prp8LXjdD1FtgGVEm8sN8qbm
         o1Yi5674Zr/JZjyRKhrHeVndmxYSlFFuECeyobpQJKG+w5t7I64oGEX0eax9SXg9whh9
         lCpek1yekvZ1BacX02zbHW4RXQP7wmAfOXpuhYh28Cy6t3DbAPpOCd6IE8VhJ9UY91Y6
         AW0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1718228254; x=1718833054;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=/+aTpwYCy4RSqq4HMna/pYYH12A/jd+zz8k85GeyS/M=;
        b=H4JL8j+bDKAMiFQ2JIiINjjYDCGt2f3wpaSTTPiRvToA3zNjDNtjLzL+AiCHJN14a7
         8+q3viUGhqqKSCQhQESwnPh52KL7CBRmmGPktBBbGRaomAoD4mSy+hNY8jU0O+bLiiPB
         mptM+mswwGz6Z7gs7w54TvQEtAF75tv+Wf3wxBqwzNxPRStzSSrNMWtcfIArHiqSqUGx
         xrTjgFi19zyGa2a7YqW+rGL0mAGbuDl/Z6+vNxL+jSAzvFTrfyqnrEqWNndLh/3WPK+y
         AU6fYPgYgzMMJMmeAkwNwRNikT7Tb7dNNEzUqWaY0hpPaq2WRf1LtfqknK2kQiDE4qUb
         Tf9A==
X-Gm-Message-State: AOJu0YweoSe/pKYjLU2z7BlrLnPqB/xwIvblW2dbec09OBDOS1s3XsGY
	SKTSM4FRyyRaMBsXa5CxJijRS/BxJnnvByrvEEn5sgdANVXkRJrCJG0NcvBsEnXsPdYMjtfN5N9
	2I96z1HvF4cZrFo+aGAo0wVAhiPbjkw==
X-Google-Smtp-Source: AGHT+IEyeZbE5AwMuodVUTeIgYNVKT0EtlQW3vb8bHCZbMW+hO/uNkJBO47cJabCyFTiv5Gvgt+m+EFUyDxmvUd+9Es=
X-Received: by 2002:a05:6871:3a2a:b0:24c:b5bc:dd1b with SMTP id
 586e51a60fabf-25514c91e86mr3187951fac.23.1718228254035; Wed, 12 Jun 2024
 14:37:34 -0700 (PDT)
MIME-Version: 1.0
References: <GV0P278MB00996776669F54A7EADB64688BFB2@GV0P278MB0099.CHEP278.PROD.OUTLOOK.COM>
 <8c533be4-5ed8-4658-86b6-212fb2d4d1a3@joeconway.com> <GV0P278MB00993C93868025F89845F58D8BFB2@GV0P278MB0099.CHEP278.PROD.OUTLOOK.COM>
 <6d223a4891287cfb08b720103faef2da1b5719f3.camel@cybertec.at>
 <CAKFQuwaMthLY0XFtv44EBwc=nAwJO0_onACZoG0bnj9jvPBA5Q@mail.gmail.com>
 <416045c0e7deac5b9f25e5fc89beec2a702a0b4c.camel@cybertec.at> <CAKFQuwbtQzCnXyaRdxeXOqEWszYoQqZiJwdy41X1bH_=cJK-ug@mail.gmail.com>
In-Reply-To: <CAKFQuwbtQzCnXyaRdxeXOqEWszYoQqZiJwdy41X1bH_=cJK-ug@mail.gmail.com>
From: Ron Johnson <ronljohnsonjr@gmail.com>
Date: Wed, 12 Jun 2024 17:37:22 -0400
Message-ID: <CANzqJaCZ_+UKf5g5qW8XDzVQO08yhKgJtr-T3vD0SAf5jLF0FA@mail.gmail.com>
Subject: Re: PG16.1 security breach?
To: "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="000000000000b99754061ab83084"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CANzqJaCZ_%2BUKf5g5qW8XDzVQO08yhKgJtr-T3vD0SAf5jLF0FA%40mail.gmail.com>
Precedence: bulk

--000000000000b99754061ab83084
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 12, 2024 at 4:36=E2=80=AFPM David G. Johnston <
david.g.johnston@gmail.com> wrote:

> On Mon, Jun 10, 2024 at 2:21=E2=80=AFAM Laurenz Albe <laurenz.albe@cybert=
ec.at>
> wrote:
>
>> > How is it that the default privilege granted to public doesn=E2=80=99t=
 seem to
>> care who the object creator
>> > is yet when revoking the grant one supposedly can only do so within th=
e
>> scope of a single role?
>>
>> I don't understand what you wrote.  ALTER DEFAULT PRIVILEGES also only
>> applies to objects
>> created by a single role when you grant default privileges.
>>
>>
> I think my point is that a paragraph like the following may be a useful
> addition:
>
> If one wishes to remove the default privilege granted to public to execut=
e
> all newly created procedures it is necessary to revoke that privilege for
> every superuser in the system
>

That seems... excessive.  You can revoke other privs from public (can't
you?), so why seemingly only do procedures/functions have this difficulty.

--000000000000b99754061ab83084
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Wed, Jun 12, 2024 at 4:36=E2=80=AFPM D=
avid G. Johnston &lt;<a href=3D"mailto:david.g.johnston@gmail.com">david.g.=
johnston@gmail.com</a>&gt; wrote:<br></div><div class=3D"gmail_quote"><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:=
1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div dir=3D"l=
tr"><div style=3D"font-family:arial,helvetica,sans-serif"><span style=3D"fo=
nt-family:Arial,Helvetica,sans-serif">On Mon, Jun 10, 2024 at 2:21=E2=80=AF=
AM Laurenz Albe &lt;<a href=3D"mailto:laurenz.albe@cybertec.at" target=3D"_=
blank">laurenz.albe@cybertec.at</a>&gt; wrote:</span><br></div></div><div c=
lass=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0px =
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">&gt;=
 How is it that the default privilege granted to public doesn=E2=80=99t see=
m to care who the object creator<br>
&gt; is yet when revoking the grant one supposedly can only do so within th=
e scope of a single role?<br>
<br>
I don&#39;t understand what you wrote.=C2=A0 ALTER DEFAULT PRIVILEGES also =
only applies to objects<br>
created by a single role when you grant default privileges.<br><br></blockq=
uote><div><br></div><div style=3D"font-family:arial,helvetica,sans-serif">I=
 think my point is that a paragraph like the following may be a useful addi=
tion:</div><div style=3D"font-family:arial,helvetica,sans-serif"><br></div>=
<div style=3D"font-family:arial,helvetica,sans-serif">If one wishes to remo=
ve the default privilege granted to public to execute all newly created pro=
cedures it is necessary to revoke that privilege for every superuser in the=
 system</div></div></div></blockquote><div><br></div><div>That seems... exc=
essive.=C2=A0 You can revoke other privs from public=C2=A0(can&#39;t you?),=
 so why seemingly only do procedures/functions have this difficulty.</div><=
div><br></div></div></div>

--000000000000b99754061ab83084--