Skip site navigation (1) Skip section navigation (2)

pg_largeobject is a security hole

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-hackers(at)postgreSQL(dot)org
Subject: pg_largeobject is a security hole
Date: 2001-06-27 16:27:49
Message-ID: 8703.993659269@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
I propose that initdb should do
	REVOKE ALL on pg_largeobject FROM public
same as it does already for pg_shadow and pg_statistic.  This would
prevent non-superusers from examining or modifying large objects
except through the LO operations.

This is only security through obscurity, of course, since any user can
still read or modify another user's LO if he can guess its OID.  But
security through obscurity is better than no security at all.  (Perhaps
someday the LO operations will be enhanced to perform access-rights
checks.  I have no interest in doing that work right now, however.)

			regards, tom lane

Responses

pgsql-hackers by date

Next:From: Peter EisentrautDate: 2001-06-27 16:29:51
Subject: Re: Re: 7.2 items
Previous:From: Frank Ch. EiglerDate: 2001-06-27 16:27:08
Subject: Re: Re: Encrypting pg_shadow passwords

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group