Re: PG16.1 security breach?

From: Ron Johnson <ronljohnsonjr(at)gmail(dot)com>
To: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: PG16.1 security breach?
Date: 2024-06-12 21:37:22
Message-ID: CANzqJaCZ_+UKf5g5qW8XDzVQO08yhKgJtr-T3vD0SAf5jLF0FA@mail.gmail.com
Lists: pgsql-general

On Wed, Jun 12, 2024 at 4:36 PM David G. Johnston <
david(dot)g(dot)johnston(at)gmail(dot)com> wrote:

> On Mon, Jun 10, 2024 at 2:21 AM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
> wrote:
>
>> > How is it that the default privilege granted to public doesn’t seem to
>> care who the object creator
>> > is yet when revoking the grant one supposedly can only do so within the
>> scope of a single role?
>>
>> I don't understand what you wrote. ALTER DEFAULT PRIVILEGES also only
>> applies to objects
>> created by a single role when you grant default privileges.
>>
>>
> I think my point is that a paragraph like the following may be a useful
> addition:
>
> If one wishes to remove the default privilege granted to public to execute
> all newly created procedures it is necessary to revoke that privilege for
> every superuser in the system
>

That seems... excessive. You can revoke other privs from public (can't
you?), so why do seemingly only procedures/functions have this difficulty?
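The behaviour the thread is circling around can be seen directly in psql. The script below is an added example, not from any message in the thread; the roles dev1, dev2 and app_user and the schema app are made up for the demonstration, and it assumes you run it as a superuser. It shows that revoking EXECUTE on existing routines is global (it does not care who created them), while ALTER DEFAULT PRIVILEGES only changes the defaults for the one creating role it names, so a second creator still hands EXECUTE to PUBLIC.

```sql
-- Added example, not the original poster's code. Roles, schema and
-- function names are hypothetical. Run as a superuser on PostgreSQL 11+.
CREATE ROLE dev1 LOGIN;
CREATE ROLE dev2 LOGIN;
CREATE ROLE app_user LOGIN;
CREATE SCHEMA app;
GRANT USAGE, CREATE ON SCHEMA app TO dev1, dev2;
GRANT USAGE ON SCHEMA app TO app_user;

-- 1. The built-in default: a routine created by any role is executable
--    by PUBLIC, with no GRANT ever issued.
SET ROLE dev1;
CREATE FUNCTION app.f_dev1() RETURNS int LANGUAGE sql AS 'SELECT 1';
RESET ROLE;
SELECT has_function_privilege('app_user', 'app.f_dev1()', 'EXECUTE');  -- true

-- 2. REVOKE on existing objects is not scoped to a creator: one statement
--    strips PUBLIC from every routine (functions and procedures) in the schema.
REVOKE EXECUTE ON ALL ROUTINES IN SCHEMA app FROM PUBLIC;
SELECT has_function_privilege('app_user', 'app.f_dev1()', 'EXECUTE');  -- false

-- 3. ALTER DEFAULT PRIVILEGES is per creating role. Without FOR ROLE it
--    applies only to objects created by the role running the statement;
--    here it is pinned to dev1 and nothing is done for dev2.
ALTER DEFAULT PRIVILEGES FOR ROLE dev1 IN SCHEMA app
    REVOKE EXECUTE ON ROUTINES FROM PUBLIC;

SET ROLE dev1;
CREATE FUNCTION app.f_dev1_b() RETURNS int LANGUAGE sql AS 'SELECT 2';
RESET ROLE;
SET ROLE dev2;
CREATE FUNCTION app.f_dev2() RETURNS int LANGUAGE sql AS 'SELECT 3';
RESET ROLE;

SELECT has_function_privilege('app_user', 'app.f_dev1_b()', 'EXECUTE');  -- false: dev1's default changed
SELECT has_function_privilege('app_user', 'app.f_dev2()', 'EXECUTE');    -- true: dev2's default untouched

-- 4. The per-role scoping is visible in the catalog: one row per
--    (role, schema, object type) whose defaults were altered.
SELECT defaclrole::regrole, defaclnamespace::regnamespace,
       defaclobjtype, defaclacl
FROM pg_default_acl;
```

Two practical notes: ROUTINES covers both functions and procedures (FUNCTIONS in ALTER DEFAULT PRIVILEGES is accepted as a synonym, but in GRANT/REVOKE ALL FUNCTIONS excludes procedures, so ROUTINES is the safer spelling), and because the default-privilege entry is keyed by creating role, a team that creates routines under several roles must issue the ALTER DEFAULT PRIVILEGES for each of them, or funnel creation through a single owner role.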
