The following bug has been logged online:
Bug reference: 1113
Logged by: Oliver Elphick
Email address: postgresql(at)packages(dot)debian(dot)org
PostgreSQL version: 7.4
Operating system: Debian Linux
Description: Default template databases grant CREATE to PUBLIC
The default database created by initdb (in template0 and template1) grants
CREATE permission on the public schema to PUBLIC. Therefore any user is
able to create a table or function, including a function that can bring down
the machine by (for example) recursively calling itself. By default, any
user can create objects in template1, as well.
The default should be for CREATE permissions on the public schema to be
revoked from PUBLICc.
This might break old applications which have not been updated to take
account of schemas; the workaround for them would be to grant permissions in
template1.public as appropriate.
Debian bug ref: #239811
pgsql-bugs by date
|Next:||From: PostgreSQL Bugs List||Date: 2004-03-24 15:47:35|
|Subject: BUG #1114: REVOKE done by non-privileged user claims success|
|Previous:||From: CoL||Date: 2004-03-24 12:39:19|
|Subject: Re: BUG #1112: round(float-type does not work)|