On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge <guilla...@lelarge.info> wrote:

> Well, for a specific object, any superuser, the database owner, the
> schema owner, and the object owner could drop the object. This is not a
> vulnerability.
>

It is not documented clearly.  Any information not made clear is an
opportunity for an error which leads to a vulnerability.

It is not a vulnerability in PostgreSQL itself.  It is a vulnerability in an
ill-designed system, which can come about due to misinformation / lack of
clarity.

Putting your first sentence ("For a specific object, any superuser, the
database owner, the schema owner, and the object owner could drop the
object.") in the documentation would remove the opportunity for error.
