Re: public schema default ACL

Noah Misch <noah@leadboat.com>

From: Noah Misch <noah@leadboat.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: "David G. Johnston" <david.g.johnston@gmail.com>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Stephen Frost <sfrost@snowman.net>, Alvaro Herrera <alvherre@alvh.no-ip.org>, Tom Lane <tgl@sss.pgh.pa.us>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2018-03-24T02:47:39Z
Lists: pgsql-hackers
On Thu, Mar 08, 2018 at 11:14:59PM -0800, Noah Misch wrote:
> On Thu, Mar 08, 2018 at 02:00:23PM -0500, Robert Haas wrote:
> > I also wonder why we're all convinced that this urgently needs to be
> > changed.  I agree that the default configuration we ship is not the
> > most secure configuration that we could ship.  However, I think it's a
> > big step from saying that the configuration is not as secure as it
> > could be to saying that we absolutely must change it for v11.
> 
> Did someone say that?  I, for one, wanted to change it but didn't intend to
> present it as a "must change".

In light of the mixed reception, I am withdrawing this proposal.


Commits

  1. Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.

  2. Document security implications of search_path and the public schema.