The following bug has been logged online:
Bug reference: 1113
Logged by: Oliver Elphick
Email address: postgresql@packages.debian.org
PostgreSQL version: 7.4
Operating system: Debian Linux
Description: Default template databases grant CREATE to PUBLIC
Details:
The default database created by initdb (in template0 and template1) grants
CREATE permission on the public schema to PUBLIC. Therefore any user is
able to create a table or function, including a function that can bring down
the machine by (for example) recursively calling itself. By default, any
user can create objects in template1, as well.
The default should be for CREATE permissions on the public schema to be
revoked from PUBLIC.
This might break old applications which have not been updated to take
account of schemas; the workaround for them would be to grant permissions in
template1.public as appropriate.
Debian bug ref: #239811
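
The change the report asks for, applied by hand, as an added example that is not part of the original report. It assumes a superuser session in template1; the account name legacy_app is hypothetical and stands for an application that still needs to create objects in the public schema.

```sql
-- Run as a superuser while connected to template1 (psql -d template1).
-- New databases are copied from template1 by default, so they inherit the
-- result. Databases that already exist carry their own copy of the public
-- schema and its ACL, so repeat the same statements in each of them.

-- 1. Audit the current state. In nspacl, an entry with nothing before "="
--    is the PUBLIC pseudo-role, and the letter C is CREATE (U is USAGE).
SELECT nspname, nspacl
FROM pg_namespace
WHERE nspname = 'public';

-- 2. Hardened setting: PUBLIC keeps USAGE on the schema but loses CREATE,
--    so ordinary users can no longer add tables or functions there.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. Workaround for applications that have not been updated for schemas:
--    grant CREATE back to named accounts only.
--    "legacy_app" is a hypothetical user name.
GRANT CREATE ON SCHEMA public TO legacy_app;

-- 4. Verify per account. has_schema_privilege returns true or false for the
--    named user; check an unprivileged account as well as legacy_app.
SELECT has_schema_privilege('legacy_app', 'public', 'CREATE');

-- 5. Re-read the ACL to confirm the PUBLIC entry no longer contains C.
SELECT nspname, nspacl
FROM pg_namespace
WHERE nspname = 'public';
```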