From: | Olegs Jeremejevs <olegs(at)jeremejevs(dot)com> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default |
Date: | 2018-02-17 20:48:14 |
Message-ID: | CAOpVyVvC1ie2DE9BZN1ve_MxjKAgHyizjs1k-6Y2EkFdzu8jOw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Okay, in other words, there's no way to completely defend oneself from DoS
attacks which require having a session? If so, is there a scenario where
some bad actor can create a new user for themselves (to connect to the
database with), and not be able to do anything more damaging than that? For
example, if I can do an SQL injection, then I can do something more clever
than running a CREATE ROLE. And if not, then there's no point in worrying
about privileges in a single-tenant database? Beyond human error safeguards.
Olegs
On Sat, Feb 17, 2018 at 10:08 PM, David G. Johnston <
david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> On Saturday, February 17, 2018, Olegs Jeremejevs <olegs(at)jeremejevs(dot)com>
> wrote:
>
>> Thanks for the reply.
>>
>> > I'm not sure whether you are really being limited/forced here or if
>> you are thinking that having CREATE and USAGE on a schema is more powerful
>> than it is...
>>
>> As far as I know, having these permissions has a DoS potential, though,
>> admittedly, negligible, if the rest of the database is secured properly.
>> Just wanted to play safe and revoke them.
>>
>
> To an extent it is possible to DoS so long as you have a session and
> access to pg_catalog. Having create and usage on public doesn't
> meaningfully (if at all) expand the risk surface area. Default also
> provides for creating temporary tables.
>
> David J.
>
From | Date | Subject | |
---|---|---|---|
Next Message | Tim Clarke | 2018-02-17 21:37:48 | Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default |
Previous Message | David G. Johnston | 2018-02-17 20:08:14 | Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default |