Re: public schema default ACL
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Noah Misch <noah@leadboat.com>,
"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Cc: Stephen Frost <sfrost@snowman.net>, Magnus Hagander
<magnus@hagander.net>, "David G. Johnston" <david.g.johnston@gmail.com>,
Alvaro Herrera <alvherre@alvh.no-ip.org>, Tom Lane <tgl@sss.pgh.pa.us>,
Robert Haas <robertmhaas@gmail.com>
Date: 2020-11-02T10:51:28Z
Lists: pgsql-hackers
On 2020-10-31 17:35, Noah Misch wrote: > Overall, that's 3.2 votes for (b)(3)(X) and 0.0 to 1.0 votes for changing > nothing. That suffices to proceed with (b)(3)(X). However, given the few > votes and the conspicuous non-responses, work in this area has a high risk of > failure. Hence, I will place it at a low-priority position in my queue. My vote would also be (b)(3)(X). Allowing the database owner to manage the public schema within their database makes a lot of sense, independent of any overarching goals. I'm not convinced, however, that this would would really move the needle in terms of the general security-uneasiness about the public schema and search paths. AFAICT, in any of your proposals, the default would still be to have the public schema world-writable and in the path. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
- b073c3ccd06e 15.0 landed
-
Document security implications of search_path and the public schema.
- 5770172cb0c9 11.0 cited