digoal
2021-09-13
PostgreSQL , public , 权限 , schema
这个patch影响面很广, 一定要注意. 相当于执行了:
revoke create on schema public from public;
如果要保持和以前版本一样的权限, 从 15开始, 需要执行:
grant create on schema public to public;
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
author Noah Misch <noah@leadboat.com>
Fri, 10 Sep 2021 06:38:09 +0000 (23:38 -0700)
committer Noah Misch <noah@leadboat.com>
Fri, 10 Sep 2021 06:38:09 +0000 (23:38 -0700)
commit b073c3ccd06e4cb845e121387a43faa8c68a7b62
tree 47e7f43d5ced29aab75de1942f2e905bcba86278 tree
parent cba79a163267a44205e391137deb543f4f89bc8b commit | diff
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
This switches the default ACL to what the documentation has recommended
since CVE-2018-1058. Upgrades will carry forward any old ownership and
ACL. Sites that declined the 2018 recommendation should take a fresh
look. Recipes for commissioning a new database cluster from scratch may
need to create a schema, grant more privileges, etc. Out-of-tree test
suites may require such updates.
Reviewed by Peter Eisentraut.
Discussion: https://postgr.es/m/20201031163518.GB4039133@rfd.leadboat.com
您的愿望将传达给PG kernel hacker、数据库厂商等, 帮助提高数据库产品质量和功能, 说不定下一个PG版本就有您提出的功能点. 针对非常好的提议,奖励限量版PG文化衫、纪念品、贴纸、PG热门书籍等,奖品丰富,快来许愿。开不开森.
