On Tue, Jul 05, 2022 at 02:35:39PM -0400, Bruce Momjian wrote:
> On Fri, Jul  1, 2022 at 06:21:28PM -0700, Noah Misch wrote:
> > Here's what I've been trying to ask: what do you think of linking to
> > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> > here?  The release note text is still vague, and the docs have extensive
> > coverage of the topic.  The notes can just link to that extensive coverage.
> 
> Sure.  How is this patch?

> --- a/doc/src/sgml/release-15.sgml
> +++ b/doc/src/sgml/release-15.sgml
> @@ -63,11 +63,12 @@ Author: Noah Misch <n...@leadboat.com>
>        permissions on the <literal>public</literal> schema has not
>        been changed.  Databases restored from previous Postgres releases
>        will be restored with their current permissions.  Users wishing
> -      to have the former permissions will need to grant
> +      to have the former more-open permissions will need to grant
>        <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
>        on the <literal>public</literal> schema; this change can be made
>        on <literal>template1</literal> to cause all new databases
> -      to have these permissions.
> +      to have these permissions.  This change was made to increase
> +      security;  see <xref linkend="ddl-schemas-patterns"/>.
>       </para>
>      </listitem>
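
Review bot: In the last changed sentence, the rationale ("This change was made to increase security; see <xref linkend="ddl-schemas-patterns"/>") arrives only after the paragraph has already told readers how to grant CREATE to PUBLIC on the public schema again, including on template1. The revert recipe therefore reads as the main advice and the reason as an afterthought. Consider moving the rationale and the xref ahead of the "Users wishing ..." sentence, and stating next to the grant instruction that it lets any user create objects in the public schema again. The phrase "the former more-open permissions" also reads awkwardly; "the previous, more permissive default" would be clearer.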

I think this still puts undue weight on single-user systems moving back to the
old default.  The linked documentation does say how to get back to v14
permissions (and disclaims security if you do so), so let's not mention it
here.  The attached is how I would write it.  I also reworked the "Databases
restored from previous ..." sentence, since its statement is also true of
databases restored v15-to-v15 (no "previous" release involved).  I also moved
the bit about USAGE to the end, since it's just emphasizing what the reader should
already assume.  Any concerns?

Author:     Noah Misch <n...@leadboat.com>
Commit:     Noah Misch <n...@leadboat.com>

    

diff --git a/doc/src/sgml/release-15.sgml b/doc/src/sgml/release-15.sgml
index 179ad37..aa02ee9 100644
--- a/doc/src/sgml/release-15.sgml
+++ b/doc/src/sgml/release-15.sgml
@@ -58,16 +58,15 @@ Author: Noah Misch <n...@leadboat.com>
      </para>
 
      <para>
-      This is a change in the default for newly-created databases in
-      existing clusters and for new clusters;  <literal>USAGE</literal>
-      permissions on the <literal>public</literal> schema has not
-      been changed.  Databases restored from previous Postgres releases
-      will be restored with their current permissions.  Users wishing
-      to have the former permissions will need to grant
-      <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
-      on the <literal>public</literal> schema; this change can be made
-      on <literal>template1</literal> to cause all new databases
-      to have these permissions.
+      The new default is one of the secure schema usage patterns that
+      <xref linkend="ddl-schemas-patterns"/> has recommended since the
+      security release for CVE-2018-1058.  Upgrading a cluster or restoring a
+      database dump will preserve existing permissions.  This is a change in
+      the default for newly-created databases in existing clusters and for new
+      clusters.  In existing databases, especially those having multiple
+      users, consider issuing a <literal>REVOKE</literal> to adopt this new
+      default.  (<literal>USAGE</literal> permission on this schema has not
+      changed.)
      </para>
     </listitem>
 
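
Review bot: The added sentence "consider issuing a REVOKE to adopt this new default" never says what to revoke. The removed lines named CREATE permission for PUBLIC on the public schema, but the new paragraph gives neither the privilege nor the grantee, and the closing parenthetical says "this schema" without the paragraph naming public. Suggest spelling it out, for example "consider revoking CREATE permission on the public schema from PUBLIC", so an administrator of a multi-user database can act on the note without following the xref first. It would also help to keep the sentence about preserved permissions directly next to this advice, since upgraded and restored databases are exactly the ones that retain the old grant.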
