| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: public schema default ACL |
| Date: | 2020-11-02 17:09:22 |
| Message-ID: | CA+TgmoaODqUvvU8HV-dYNfwQhYUu9nxo_WX4aCzeniKT2fx-jw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Nov 2, 2020 at 5:51 AM Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> I'm not convinced, however, that this would would really move the needle
> in terms of the general security-uneasiness about the public schema and
> search paths. AFAICT, in any of your proposals, the default would still
> be to have the public schema world-writable and in the path.
Noah's proposed change to initdb appears to involve removing CREATE
permission by default, so I don't think this is true.
It's hard to predict how many users that might inconvenience, but I
suppose it's probably a big number. On the other hand, the only
alternative is to continue shipping a configuration that, by default,
is potentially insecure. It's hard to decide which thing we should
care more about.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2020-11-02 17:14:26 | Re: Add table AM 'tid_visible' |
| Previous Message | Matthias van de Meent | 2020-11-02 16:53:12 | Re: libpq compression |