| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Christophe Pettus <xof(at)thebuild(dot)com> |
| Cc: | "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: No warning for a no-op REVOKE |
| Date: | 2024-03-25 13:59:42 |
| Message-ID: | 17D82547-3346-4ED7-95DA-19AFFE5B308B@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> On 25 Mar 2024, at 14:54, Christophe Pettus <xof(at)thebuild(dot)com> wrote:
>
> Right now, if you do a REVOKE that doesn't actually revoke anything, it works silently. This can be a bit of a foot-gun. For example:
>
> CREATE FUNCTION f() RETURNS int as $$ SELECT 1; $$ LANGUAGE sql;
> REVOKE EXECUTE ON FUNCTION f() FROM lowpriv;
>
> Naively, it might be expected that `lowpriv` can't execute the function, but unless default privileges have been changed, `lowpriv` still can under the default grant of EXECUTE to PUBLIC. Since there was no previous grant to `lowpriv`, nothing actually changes in the ACL. This bit a client recently.
That's indeed a potential foot-gun.
> Is it worth generating a warning in this case?
Or maybe a NOTICE?
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-03-25 14:09:42 | Re: No warning for a no-op REVOKE |
| Previous Message | Christophe Pettus | 2024-03-25 13:54:30 | No warning for a no-op REVOKE |