Thread: Re: [BUGS] Bug #549: select table privilege in postgres allows user to create index on the table
Re: [BUGS] Bug #549: select table privilege in postgres allows user to create index on the table
From
Tom Lane
Date:
pgsql-bugs@postgresql.org writes:
> select table privilege in postgres allows user to create index on the table
Actually, it appears that CREATE INDEX has no permission check at all.
I agree this is a bug. Probably CREATE INDEX should require ownership
permission, the same as ALTER TABLE.
regards, tom lane
Tom Lane wrote: > pgsql-bugs@postgresql.org writes: > > select table privilege in postgres allows user to create index on the table > > Actually, it appears that CREATE INDEX has no permission check at all. > > I agree this is a bug. Probably CREATE INDEX should require ownership > permission, the same as ALTER TABLE. Added to TODO: * Allow only owner to create indexes -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026
Re: [BUGS] Bug #549: select table privilege in postgres allows user to create index on the table
From
Tom Lane
Date:
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Added to TODO:
> * Allow only owner to create indexes
I was going to just fix it now. Do you want to leave it for 7.3?
regards, tom lane
Tom Lane wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > Added to TODO: > > * Allow only owner to create indexes > > I was going to just fix it now. Do you want to leave it for 7.3? If you think it is safe, go ahead. I fixed some stuff last night. :-) I will remove from TODO when I see the commit. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026