Home > mailing lists

Re: Clarity Bug for Schema Permissions, Potential Vulnerability? - Mailing list pgsql-bugs

From	David G. Johnston
Subject	Re: Clarity Bug for Schema Permissions, Potential Vulnerability?
Date	May 6, 2020 16:13:59
Msg-id	CAKFQuwY4PU5bews3XK4czceVnkmFzwEXDvP9nDDCwkiQoFipLw@mail.gmail.com Whole thread Raw
In response to	Clarity Bug for Schema Permissions, Potential Vulnerability? (Justis Lincoln Mackaoui <jmackaou@calpoly.edu>)
List	pgsql-bugs

Tree view

On Tuesday, May 5, 2020, Justis Lincoln Mackaoui <jmackaou@calpoly.edu> wrote:

My argument is that step #6, the granting of privileges on the table, should return an “ERROR: permission denied” because the “test_user” should not know at all about the objects contained within “test_schema”. This would prevent the confusing state of contradictory permissions and access-

Hiding object existence is not something PostgreSQL does. Anyone can view pg_class. So this is strictly a usability concern. At first glance I concur that there seems to be room for improvement here.

David J.

pgsql-bugs by date:

From: PG Bug reporting form
Date: 06 May 2020, 12:30:25
Subject: BUG #16418: postgis23_96 dependency proj49 missing now pgdg94 default to disabled

From: Jeff Janes
Date: 06 May 2020, 16:37:54
Subject: Re: Clarity Bug for Schema Permissions, Potential Vulnerability?

Re: Clarity Bug for Schema Permissions, Potential Vulnerability? - Mailing list pgsql-bugs

Previous

Next