| From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Cc: | digoal(at)126(dot)com |
| Subject: | BUG #15095: schema's owner can drop object's in his schema |
| Date: | 2018-03-02 09:14:47 |
| Message-ID: | 151998208792.21241.17927301443532986481@wrigleys.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 15095
Logged by: Zhou Digoal
Email address: digoal(at)126(dot)com
PostgreSQL version: 10.2
Operating system: centos 7.x x64
Description:
Schema's owner can drop object's in his schema, I think this is an risk if
multi-user use the same schema.
exp:
```
postgres=# create database pp owner postgres;
CREATE DATABASE
postgres=# grant create on database pp to pp;
GRANT
postgres=# \c pp pp
You are now connected to database "pp" as user "pp".
pp=> create schema abc;
CREATE SCHEMA
pp=> \c pp postgres
You are now connected to database "pp" as user "postgres".
pp=# create table abc.a(id int);
CREATE TABLE
pp=# insert into abc.a values (1);
INSERT 0 1
pp=# \c pp pp
You are now connected to database "pp" as user "pp".
pp=> select * from abc.a;
ERROR: permission denied for relation a
pp=> drop table abc.a;
DROP TABLE
```
best regards,
digoal.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2018-03-02 11:42:31 | Re: BUG #15065: ActivePerl 5.24.3 breaks PG compilation on Windows |
| Previous Message | Tom Lane | 2018-03-02 04:00:10 | Re: TO_DATE Function unintended behavior when month value is greater than 12 |