Heavy security bug in 7.2.2-16?

From: Heiko Schroeder <heikos(at)foni(dot)net>
To: pgsql-novice(at)postgresql(dot)org
Subject: Heavy security bug in 7.2.2-16?
Date: 2002-12-27 02:27:21
Message-ID: 200212270327.21106.heikos@foni.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

Dear list,

as far as I have made my experiences in version 7.2.2-16 (SuSE Linux 8.1) it
is possible for *every* user which is able to create a database and/or is
able to create new users to delete a database from every other user. I did
not find any hints in the FAQ or archives.

Especially when the superuser postmaster creates a database, e.g. test, a
normal user although he is *not* the owner, if it is not denied that he can
create new databases AND that he can create new users, can delete the
database even if there are restrictions made on a table within the database
by the owner (GRANT).

I cannot find the mistake I have made, since in an older version this problem
did not occur. Thanks a lot.

Heiko
--
Heiko Schroeder
Ahrensburg, Germany
http://home.foni.net/~heikos

Responses

Browse pgsql-novice by date

  From Date Subject
Next Message K Ramakrishna 2002-12-27 04:05:08 download postgresql for windows
Previous Message Reshat Sabiq 2002-12-25 12:07:45 Re: Moving a database-sos