Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default

From: Olegs Jeremejevs
Subject: Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default
Date:
Msg-id: CAOpVyVvC1ie2DE9BZN1ve_MxjKAgHyizjs1k-6Y2EkFdzu8jOw@mail.gmail.com
In reply to: Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses: Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default (Tim Clarke <tim.clarke@manifest.co.uk>)
Re: Rationale for PUBLIC having CREATE and USAGE privileges on the schema "public" by default ("David G. Johnston" <david.g.johnston@gmail.com>)
List: pgsql-general
Okay, in other words, there's no way to completely defend oneself from DoS attacks which require having a session? If so, is there a scenario where some bad actor can create a new user for themselves (to connect to the database with), and not be able to do anything more damaging than that? For example, if I can do an SQL injection, then I can do something more clever than running a CREATE ROLE. And if not, then there's no point in worrying about privileges in a single-tenant database? Beyond human-error safeguards.

Olegs

On Sat, Feb 17, 2018 at 10:08 PM, David G. Johnston <david.g.johnston@gmail.com> wrote:
> On Saturday, February 17, 2018, Olegs Jeremejevs <olegs@jeremejevs.com> wrote:
>> Thanks for the reply.
>
> I'm not sure whether you are really being limited/forced here or if you are thinking that having CREATE and USAGE on a schema is more powerful than it is...
>
>> As far as I know, having these permissions has a DoS potential, though, admittedly, negligible, if the rest of the database is secured properly. Just wanted to play safe and revoke them.
>
> To an extent it is possible to DoS so long as you have a session and access to pg_catalog. Having create and usage on public doesn't meaningfully (if at all) expand the risk surface area. Default also provides for creating temporary tables.
>
> David J.
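A defender-side check and hardening for the two privileges under discussion (CREATE/USAGE on the schema "public" and the implicit TEMP right David mentions), added here as an example that is not part of either poster's message; the database name app_db and the role app_user are placeholders:

```sql
-- Added example, not from the thread. Assumes a database named app_db and a
-- low-privilege role named app_user (both placeholders).
-- 1. What does the pseudo-role PUBLIC (grantee 0 in aclexplode) hold on the
--    schema "public" and on this database? A NULL ACL means built-in defaults
--    apply, so expand it with acldefault() rather than reading it as "nothing".
SELECT 'schema public' AS object, a.privilege_type
  FROM pg_namespace n,
       aclexplode(COALESCE(n.nspacl, acldefault('n', n.nspowner))) AS a
 WHERE n.nspname = 'public' AND a.grantee = 0
UNION ALL
SELECT 'database ' || d.datname, a.privilege_type
  FROM pg_database d,
       aclexplode(COALESCE(d.datacl, acldefault('d', d.datdba))) AS a
 WHERE d.datname = current_database() AND a.grantee = 0;
-- On a stock cluster before PostgreSQL 15 this lists USAGE and CREATE for the
-- schema and CONNECT and TEMPORARY for the database.

-- 2. Tighten: keep USAGE so unqualified names still resolve, but stop every
--    role from creating objects, and drop the implicit TEMP privilege.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE TEMP ON DATABASE app_db FROM PUBLIC;

-- Hand the privileges back only to roles that actually need them.
GRANT CREATE ON SCHEMA public TO app_user;
GRANT TEMP ON DATABASE app_db TO app_user;

-- 3. Re-run step 1: CREATE and TEMPORARY should no longer appear for grantee 0.
```

Run step 1 in each database you care about, since database-level ACLs (and the catalog entry for the schema "public") are per database.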
