Re: public schema default ACL
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Noah Misch <noah@leadboat.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>,
Stephen Frost <sfrost@snowman.net>, Magnus Hagander <magnus@hagander.net>,
"David G. Johnston" <david.g.johnston@gmail.com>, Alvaro Herrera <alvherre@alvh.no-ip.org>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2020-11-02T17:09:22Z
Lists: pgsql-hackers
On Mon, Nov 2, 2020 at 5:51 AM Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote: > I'm not convinced, however, that this would would really move the needle > in terms of the general security-uneasiness about the public schema and > search paths. AFAICT, in any of your proposals, the default would still > be to have the public schema world-writable and in the path. Noah's proposed change to initdb appears to involve removing CREATE permission by default, so I don't think this is true. It's hard to predict how many users that might inconvenience, but I suppose it's probably a big number. On the other hand, the only alternative is to continue shipping a configuration that, by default, is potentially insecure. It's hard to decide which thing we should care more about. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Commits
-
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
- b073c3ccd06e 15.0 landed
-
Document security implications of search_path and the public schema.
- 5770172cb0c9 11.0 cited