GRANT CREATE or ALTER SCHEMA?

From Moradhassel, Kavian
Subject GRANT CREATE or ALTER SCHEMA?
Date
Msg-id MWHPR04MB0625844670D799DC980F638FC2A90@MWHPR04MB0625.namprd04.prod.outlook.com
Responses Re: GRANT CREATE or ALTER SCHEMA?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-admin

Hello,

When considering our mitigation strategy for the recently-announced CVE-2018-1058, we’ve been trying to choose between:

  1. ALTER SCHEMA public OWNER TO <db-owner>
  2. GRANT CREATE ON SCHEMA public TO <db-owner>

This is of course after the REVOKE CREATE ON SCHEMA public FROM PUBLIC.

We understand why the public schema is owned by the “postgres” account to start with, i.e. because CREATE DATABASE copies from the template1 database.  But this does mean that we need a post-createdb action to allow an application account to use the public schema to create its objects (which is our most typical configuration).

Changing the owner of the public schema to the database owner after database creation (i.e. #1 above) seems to be the simplest approach, but we’re wondering if there’s a reason for the public schema to be owned by the postgres account, i.e. beyond just “this is how it happens by default”.  We can’t come up with one, and neither can our Google-fu. :-)

Thanks in advance for your insights,

Kav Moradhassel | R&D Tools and Metrics | Ciena

kmoradha@ciena.com | 385 Terry Fox Drive | Ottawa, ON, K2K 0L1  Canada
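
The post-createdb step discussed in the message above, as an added example that is not part of the original post. The role name app_owner is hypothetical and assumed to exist already; the script is assumed to run as a superuser connected to the newly created database.

```sql
-- Added example: app_owner is a hypothetical, pre-existing application role.
-- Run as a superuser while connected to the new database.
-- Schema DDL is transactional in PostgreSQL, so the change applies atomically.
BEGIN;

-- Common first step from the message: nobody gets CREATE on public by default.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Option 1: transfer ownership of the schema to the application role.
-- As owner, the role can create objects in the schema and can also
-- grant or revoke privileges on the schema itself.
ALTER SCHEMA public OWNER TO app_owner;

-- Option 2 (use instead of option 1): leave ownership unchanged and
-- grant only the right to create objects in the schema.
-- GRANT CREATE ON SCHEMA public TO app_owner;

COMMIT;

-- Verify the outcome: who owns the schema, what its ACL looks like,
-- and whether PUBLIC or the application role can still create objects.
SELECT n.nspname                                             AS schema_name,
       pg_get_userbyid(n.nspowner)                           AS owner,
       n.nspacl                                              AS acl,
       has_schema_privilege('public',    'public', 'CREATE') AS public_can_create,
       has_schema_privilege('app_owner', 'public', 'CREATE') AS app_can_create
FROM   pg_namespace n
WHERE  n.nspname = 'public';
```

With either option applied, the check should report public_can_create as false and app_can_create as true; only the owner column differs between the two.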
