From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Cc: | digoal(at)126(dot)com |
Subject: | BUG #15095: schema's owner can drop object's in his schema |
Date: | 2018-03-02 09:14:47 |
Message-ID: | 151998208792.21241.17927301443532986481@wrigleys.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 15095
Logged by: Zhou Digoal
Email address: digoal(at)126(dot)com
PostgreSQL version: 10.2
Operating system: centos 7.x x64
Description:
Schema's owner can drop object's in his schema, I think this is an risk if
multi-user use the same schema.
exp:
```
postgres=# create database pp owner postgres;
CREATE DATABASE
postgres=# grant create on database pp to pp;
GRANT
postgres=# \c pp pp
You are now connected to database "pp" as user "pp".
pp=> create schema abc;
CREATE SCHEMA
pp=> \c pp postgres
You are now connected to database "pp" as user "postgres".
pp=# create table abc.a(id int);
CREATE TABLE
pp=# insert into abc.a values (1);
INSERT 0 1
pp=# \c pp pp
You are now connected to database "pp" as user "pp".
pp=> select * from abc.a;
ERROR: permission denied for relation a
pp=> drop table abc.a;
DROP TABLE
```
best regards,
digoal.
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2018-03-02 11:42:31 | Re: BUG #15065: ActivePerl 5.24.3 breaks PG compilation on Windows |
Previous Message | Tom Lane | 2018-03-02 04:00:10 | Re: TO_DATE Function unintended behavior when month value is greater than 12 |