Thread: privilege & user

privilege & user

From
"Lee Wu"
Date:

Hi,

 

Here is my test, I think the privilege should be revoked automatically.

Otherwise, it is a dangerous thing:

 

bash-2.05b$ createdb dod

CREATE DATABASE

bash-2.05b$ psql dod

Welcome to psql 8.0.3, the PostgreSQL interactive terminal.

 

Type:  \copyright for distribution terms

       \h for help with SQL commands

       \? for help with psql commands

       \g or terminate with semicolon to execute query

       \q to quit

 

dod=# create user secretary_dod;

CREATE USER

dod=# create table terror (c1 int);

CREATE TABLE

dod=# grant select on terror to secretary_dod;

GRANT

 

dod=# \z terror

                      Access privileges for database "dod"

 Schema |  Name  | Type  |                  Access privileges

--------+--------+-------+------------------------------------------------------

 public | terror | table | {postgres=arwdRxt/postgres,secretary_dod=r/postgres}

(1 row)

 

dod=# drop user secretary_dod;

DROP USER

 

dod=# \z terror

                 Access privileges for database "dod"

 Schema |  Name  | Type  |             Access privileges

--------+--------+-------+--------------------------------------------

 public | terror | table | {postgres=arwdRxt/postgres,103=r/postgres}

(1 row)

 

dod=# create user a_staff SYSID 103;

CREATE USER

 

dod=# \c - a_staff

You are now connected as new user "a_staff".

dod=> select * from terror;

c1

----

(0 rows)

 

 

*** WOW!, A_staff can what the Secretary of Dept of Defense could see ***

Re: privilege & user

From
Alvaro Herrera
Date:
On Mon, Jul 11, 2005 at 02:20:52PM -0600, Lee Wu wrote:

> Here is my test, I think the privilege should be revoked automatically.

Long-standing known bug.  Fixed in 8.1.

--
Alvaro Herrera (<alvherre[a]alvh.no-ip.org>)
"La persona que no quería pecar / estaba obligada a sentarse
 en duras y empinadas sillas    / desprovistas, por cierto
 de blandos atenuantes"                          (Patricio Vogel)