RE: User administration tool

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Matthew <matt(at)ctlno(dot)com>
Cc: "'Bruce Momjian'" <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org>
Subject: RE: User administration tool
Date: 2001-03-30 15:28:33
Message-ID: Pine.LNX.4.30.0103301726210.1063-100000@peter.localdomain
Lists: pgsql-hackers
Matthew writes:

> Semi-related to this, I have always thought that the way PostgreSQL
> handles the deletion of users and groups to be flawed.  If I create a user,
> grant permissions on a table and then drop the user, permissions now exist
> on that table for a user that does not exist.

Unfortunately it is not possible to prevent this with anything approaching
ease, in the same way that userdel on Unix can't scan all file systems for
some to-be-stale files before removing users.

> I see this as a possible security flaw since a new user can then be
> created with the user id of the ID user and have all the permissions
> that might have ever been assigned to that old user.

This will be fixed in 7.2 when Oids will be used as user ids.  Of course
Oids can wrap, but that's another day's project...

-- 
Peter Eisentraut      peter_e(at)gmx(dot)net       http://yi.org/peter-e/
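
The stale-grant and id-reuse problem discussed in this message, as an added toy model in Python (not code from the original message or from PostgreSQL). The `Catalog` class, its methods, and the sample users and table are constructed for illustration; the wrapping counter is an assumed stand-in for Oid assignment.

```python
# Toy model, constructed for illustration (not PostgreSQL source code).
# ACL entries store a numeric user id, so they outlive the user they named.
class Catalog:
    def __init__(self, id_space=2**32):
        self.users = {}           # sysid -> user name
        self.acl = {}             # table -> {sysid: set of privileges}
        self.next_id = 1          # wrapping counter, standing in for Oid assignment
        self.id_space = id_space

    def create_user(self, name, sysid=None):
        if sysid is None:         # no explicit id: take the next free counter value
            while self.next_id == 0 or self.next_id in self.users:
                self.next_id = (self.next_id + 1) % self.id_space
            sysid = self.next_id
            self.next_id = (self.next_id + 1) % self.id_space
        if sysid in self.users:
            raise ValueError("sysid already in use")
        self.users[sysid] = name
        return sysid

    def grant(self, table, sysid, priv):
        self.acl.setdefault(table, {}).setdefault(sysid, set()).add(priv)

    def drop_user(self, sysid, revoke=False):
        del self.users[sysid]
        if revoke:                # mitigation: purge the id from every ACL on drop
            for entries in self.acl.values():
                entries.pop(sysid, None)

    def privileges(self, table, sysid):
        return set(self.acl.get(table, {}).get(sysid, set()))

    def orphaned_grants(self):
        # Audit: ACL entries whose id matches no existing user.
        return sorted((t, uid) for t, e in self.acl.items()
                      for uid in e if uid not in self.users)

def scenario(reuse_id, revoke=False):
    cat = Catalog()
    old = cat.create_user("alice")
    cat.grant("payroll", old, "SELECT")
    cat.drop_user(old, revoke=revoke)
    orphans = cat.orphaned_grants()
    new = cat.create_user("bob", sysid=old if reuse_id else None)
    return orphans, cat.privileges("payroll", new)

if __name__ == "__main__":
    print(scenario(reuse_id=True))    # stale grant rebinds to the new user
    print(scenario(reuse_id=False))   # fresh id: grant stays orphaned, unused
    print(scenario(reuse_id=True, revoke=True))  # ACLs purged on drop
```

Constructing `Catalog(id_space=4)` makes the counter wrap after three users, at which point a dropped id is handed out again and its orphaned grants rebind, which is the wrap caveat raised at the end of the message.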

