Home > mailing lists

Re: PG16.1 security breach? - Mailing list pgsql-general

From	Ron Johnson
Subject	Re: PG16.1 security breach?
Date	June 13 00:37:22
Msg-id	CANzqJaCZ_+UKf5g5qW8XDzVQO08yhKgJtr-T3vD0SAf5jLF0FA@mail.gmail.com Whole thread Raw
In response to	Re: PG16.1 security breach? ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses	Re: PG16.1 security breach? Re: PG16.1 security breach?
List	pgsql-general

Tree view

On Wed, Jun 12, 2024 at 4:36 PM David G. Johnston <david.g.johnston@gmail.com> wrote:

On Mon, Jun 10, 2024 at 2:21 AM Laurenz Albe <laurenz.albe@cybertec.at> wrote:
> How is it that the default privilege granted to public doesn’t seem to care who the object creator
> is yet when revoking the grant one supposedly can only do so within the scope of a single role?

I don't understand what you wrote. ALTER DEFAULT PRIVILEGES also only applies to objects
created by a single role when you grant default privileges.

I think my point is that a paragraph like the following may be a useful addition:

If one wishes to remove the default privilege granted to public to execute all newly created procedures it is necessary to revoke that privilege for every superuser in the system

That seems... excessive. You can revoke other privs from public (can't you?), so why seemingly only do procedures/functions have this difficulty.

pgsql-general by date:

From: Rich Shepard
Date: 13 June, 00:36:51
Subject: Re: Defining columns for INSERT statements

From: Ron Johnson
Date: 13 June, 00:48:26
Subject: Re: UPDATE with multiple WHERE conditions

Re: PG16.1 security breach? - Mailing list pgsql-general

Previous

Next