Re: reuse sysids security hole?
From | Bruce Momjian |
---|---|
Subject | Re: reuse sysids security hole? |
Date | |
Message-ID | 200308121920.h7CJKeO11503@candle.pha.pa.us |
In response to | Re: reuse sysids security hole? (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: reuse sysids security hole? |
List | pgsql-hackers |
Can I have a TODO for this?

---------------------------------------------------------------------------

Tom Lane wrote:
> Gavin Sherry <swm@linuxworld.com.au> writes:
> > On Tue, 12 Aug 2003, Andrew Dunstan wrote:
> >> Is this a security hole? Looks like one to me. Would it be better to use
> >> a sequence generator for sysids instead of using max+1 on the user
> >> table? Or else store the last sysid used somewhere?
>
> > This issue has been discussed before and it was agreed that since most
> > UNIX systems will behave in the same way, there's no way to know. Also, it
> > is not possible for a given database to know the max(sysid) of pg_user in
> > another database.
>
> You forget that pg_shadow is a shared (cluster-wide) table.
>
> I believe we could make a shared sequence object, too, if we wanted to
> go the sequence route.
>
> Right at the moment I like both ideas: a shared sequence to generate new
> sysids, and don't ever delete pg_shadow rows. One attraction of the
> sequence generator is that scans over pg_shadow could get rather tedious
> if we follow the latter policy. But with a sequence, CREATE USER
> wouldn't need to do a scan.
>
> Something else that should be factored into any redesign of pg_shadow is
> the notion of combining users and groups, at least to the extent of
> having a common sysid space for both. See discussion started by Peter
> a month or two back (I think thread title mentioned "roles").
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faqs/FAQ.html
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
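An added example, not part of the original message and not PostgreSQL code: a toy Python model of the two allocation schemes discussed in the quoted text (max+1 over the user table versus a sequence that never hands an id out twice). The `Catalog` class, the user and table names, the starting id 100, and the assumption that objects record their owner by sysid and outlive a dropped user are all constructed for illustration.

```python
"""Toy model (not PostgreSQL code) of sysid allocation for a shared user table."""


class Catalog:
    """Constructed stand-in for a cluster-wide user table plus object ownership."""

    def __init__(self, use_sequence):
        self.use_sequence = use_sequence
        self.users = {}       # user name -> sysid (rows that currently exist)
        self.owners = {}      # object name -> owner sysid
        self.last_sysid = 99  # sequence state; not rolled back by drop_user()

    def create_user(self, name):
        if self.use_sequence:
            # Sequence route: each id is issued once, no scan of the table needed.
            self.last_sysid += 1
            sysid = self.last_sysid
        else:
            # max+1 route: looks only at rows that still exist.
            sysid = max(self.users.values(), default=99) + 1
        self.users[name] = sysid
        return sysid

    def drop_user(self, name):
        # Assumption: objects owned by the user keep the old sysid as owner.
        del self.users[name]

    def create_table(self, table, owner):
        self.owners[table] = self.users[owner]

    def owner_name(self, table):
        sysid = self.owners[table]
        for name, uid in self.users.items():
            if uid == sysid:
                return name
        return None  # orphaned: no live user carries this sysid


def scenario(use_sequence):
    """Drop the highest-numbered user, create a new one, report who owns the table."""
    cat = Catalog(use_sequence)
    cat.create_user("alice")          # sysid 100
    cat.create_user("bob")            # sysid 101
    cat.create_table("payroll", "bob")
    cat.drop_user("bob")
    cat.create_user("carol")          # 101 again with max+1, 102 with a sequence
    return cat.owner_name("payroll")


if __name__ == "__main__":
    print("max+1   :", scenario(use_sequence=False))
    print("sequence:", scenario(use_sequence=True))
```

With max+1 the new user silently becomes the owner of the dropped user's table; with the sequence the table is left with an owner id that no live user holds.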