From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Noah Misch <noah(at)leadboat(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas |
Date: | 2022-11-29 19:22:59 |
Message-ID: | CA+TgmoYUHsfp90inEMAP0yNr7Y_L6EphPH1YOon1JKtBztXHyQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
On Fri, Sep 10, 2021 at 2:39 AM Noah Misch <noah(at)leadboat(dot)com> wrote:
> Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
>
> This switches the default ACL to what the documentation has recommended
> since CVE-2018-1058. Upgrades will carry forward any old ownership and
> ACL. Sites that declined the 2018 recommendation should take a fresh
> look. Recipes for commissioning a new database cluster from scratch may
> need to create a schema, grant more privileges, etc. Out-of-tree test
> suites may require such updates.
I was looking at the changes that this commit made to ddl.sgml today
and I feel that it's not quite ideal. Under "Constrain ordinary users
to user-private schemas" it first says "To implement this, first issue
<literal>REVOKE CREATE ON SCHEMA public FROM PUBLIC</literal>" and
then later says, oh but wait, you actually don't need to do that
unless you're upgrading. That seems a bit backwards to me: I think we
should talk about the current state of play first, and then add the
notes about upgrading afterwards.
Here's a proposed patch to do that.
--
Robert Haas
EDB: http://www.enterprisedb.com
Attachment | Content-Type | Size |
---|---|---|
ddl-create-public-reorg.patch | application/octet-stream | 110 bytes |
From | Date | Subject | |
---|---|---|---|
Next Message | Justin Pryzby | 2022-11-29 19:31:59 | Re: pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas |
Previous Message | Tom Lane | 2022-11-29 16:46:47 | pgsql: Prevent clobbering of utility statements in SQL function caches. |
From | Date | Subject | |
---|---|---|---|
Next Message | Justin Pryzby | 2022-11-29 19:31:59 | Re: pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas |
Previous Message | SATYANARAYANA NARLAPURAM | 2022-11-29 19:20:19 | Re: An attempt to avoid locally-committed-but-not-replicated-to-standby-transactions in synchronous replication |