Re: PG16.1 security breach?

On Fri, 2024-06-07 at 07:42 -0700, David G. Johnston wrote:
> On Friday, June 7, 2024, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
> > On Fri, 2024-06-07 at 13:54 +0000, Zwettler Markus (OIZ) wrote:
> > > > Another point to keep in mind is that by default, execute privilege is granted to
> > > > PUBLIC for newly created functions (see Section 5.7 for more information).
> > >
> > > Argh. No! What a bad habit!
> > >
> > > Might be good idea for an enhancement request to create a global parameter to disable this habit.
> >
> > I don't see the problem, since the default execution mode for functions is
> > SECURITY INVOKER.
> >
> > But you can easily change that:
> >
> >   ALTER DEFAULT PRIVILEGES FOR ROLE function_creator REVOKE EXECUTE ON FUNCTION FROM PUBLIC;
>
> You named function_creator here when in this example the role creating the new object is postgres.

Then use "postgres" rather than "function_creator".

An ALTER DEFAULT PRIVILEGES statement always only changes default privileges for objects
created by a certain user.

> How is it that the default privilege granted to public doesn’t seem to care who the object creator
> is yet when revoking the grant one supposedly can only do so within the scope of a single role?

I don't understand what you wrote. ALTER DEFAULT PRIVILEGES also only applies to objects
created by a single role when you grant default privileges.

Yours,
Laurenz Albe