From: | pgsql-bugs(at)postgresql(dot)org |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Bug #438: New users inherit permissions from dropped users |
Date: | 2001-09-06 05:04:50 |
Message-ID: | 200109060504.f8654oQ57267@hub.org |
Lists: | pgsql-bugs |
Sverre H. Huseby (shh(at)thathost(dot)com) reports a bug with a severity of 2
The lower the number the more severe it is.
Short Description
New users inherit permissions from dropped users
Long Description
I discovered the following problem on my PostgreSQL 7.1.3
installation. Hopefully, you will be able to reproduce it. Summary:
A new user will inherit permissions from a dropped user.
Create a test database, connect to it:

    template1=# create database bug;
    CREATE DATABASE
    template1=# \c bug
    You are now connected to database bug.

Make a test table, and show all permissions:

    bug=# create table bugtable ( foo integer );
    CREATE
    bug=# \dp
    Access permissions for database "bug"
     Relation | Access permissions
    ----------+--------------------
     bugtable |
    (1 row)

Now create a test user, and show the permissions again:

    bug=# create user buguser with password 'foo';
    CREATE USER
    bug=# \dp
    Access permissions for database "bug"
     Relation | Access permissions
    ----------+--------------------
     bugtable |
    (1 row)

Looks good. The new user has no access rights to our database tables.
Now grant him everything on the test table:

    bug=# grant all on bugtable to buguser;
    CHANGE
    bug=# \dp
    Access permissions for database "bug"
     Relation | Access permissions
    ----------+--------------------------------------
     bugtable | {"=","sverrehu=arwR","buguser=arwR"}
    (1 row)

Well, looks quite OK. A couple of other entries suddenly appear too,
but well, don't know if that's related to the problem.
Now remove this user, and show some strange permissions:

    bug=# drop user buguser;
    DROP USER
    bug=# \dp
    Access permissions for database "bug"
     Relation | Access permissions
    ----------+---------------------------------
     bugtable | {"=","sverrehu=arwR","30=arwR"}
    (1 row)

Hah! What's that? Doesn't look good. But it gets worse: Now we
create a new user without giving him any permissions:

    bug=# create user newuser;
    CREATE USER
    bug=# \dp
    Access permissions for database "bug"
     Relation | Access permissions
    ----------+--------------------------------------
     bugtable | {"=","sverrehu=arwR","newuser=arwR"}
    (1 row)

The user inherited all permissions from the deleted user! Seems like
a security problem to me...
Sample Code
No file was uploaded with this report
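
An audit check for the condition this report shows, as an added example that is not part of the original message: it parses `\dp` output, flags ACL entries whose grantee prints as a bare number (like `30=arwR` after `DROP USER`), and compares two snapshots to spot a new user that picked up such an entry. The sample outputs are constructed from the report's session; treating an all-digit grantee as a dropped user is an assumption, as are all function names.

```python
import re

# Constructed samples: psql \dp output copied from the report's session,
# taken after DROP USER buguser and after CREATE USER newuser.
DP_AFTER_DROP = '''
 Relation | Access permissions
----------+---------------------------------
 bugtable | {"=","sverrehu=arwR","30=arwR"}
'''
DP_AFTER_CREATE = '''
 Relation | Access permissions
----------+--------------------------------------
 bugtable | {"=","sverrehu=arwR","newuser=arwR"}
'''

# A data row looks like:  relation | {"grantee=privs",...}
ROW = re.compile(r'^\s*(\S+)\s*\|\s*\{(.*)\}\s*$')

def parse_dp(text):
    """Return {relation: [(grantee, privs), ...]}; the "=" entry has grantee ''."""
    acls = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # skips title, header, separator and rows with no ACL
            items = re.findall(r'"([^"]*)"', m.group(2))
            acls[m.group(1)] = [tuple(i.partition('=')[::2]) for i in items]
    return acls

def orphaned_grants(acls):
    """Grants held by a bare numeric id (assumption: a dropped user)."""
    return [(rel, who, privs) for rel, entries in acls.items()
            for who, privs in entries if who.isdigit() and privs]

def inherited_grants(before, after):
    """Named grantees new in `after` that hold what an orphan held in `before`."""
    hits = []
    for rel, _uid, privs in orphaned_grants(before):
        known = {who for who, _ in before[rel]}
        for who, new_privs in after.get(rel, []):
            if who not in known and not who.isdigit() and new_privs == privs:
                hits.append((rel, who, privs))
    return hits

if __name__ == "__main__":
    before, after = parse_dp(DP_AFTER_DROP), parse_dp(DP_AFTER_CREATE)
    print("orphaned:", orphaned_grants(before))
    print("inherited:", inherited_grants(before, after))
```

Running the orphan check after every `DROP USER`, before any new account is created, is the point at which the leftover entry is still visible under its numeric id.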