| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | "Zwettler Markus (OIZ)" <Markus(dot)Zwettler(at)zuerich(dot)ch>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: PG16.1 security breach? |
| Date: | 2024-06-07 13:22:21 |
| Message-ID: | 8c533be4-5ed8-4658-86b6-212fb2d4d1a3@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 6/7/24 07:04, Zwettler Markus (OIZ) wrote:
> I am running the following on Postgres 16.1 in database "postgres" as a
> superuser:
<snip>
> create or replace function oiz.f_set_dbowner (p_dbowner text, p_dbname text)
<snip>
> create role testuser with password 'testuser' login;
<snip>
> than this new role is able to execute the function oiz.f_set_dbowner
> immediately even I did not grant execute on this function to this role!
See:
https://www.postgresql.org/docs/current/sql-createfunction.html
In particular, this part:
8<------------------------
Another point to keep in mind is that by default, execute privilege is
granted to PUBLIC for newly created functions (see Section 5.7 for more
information). Frequently you will wish to restrict use of a security
definer function to only some users. To do that, you must revoke the
default PUBLIC privileges and then grant execute privilege selectively.
To avoid having a window where the new function is accessible to all,
create it and set the privileges within a single transaction. For example:
8<------------------------
HTH,
--
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zwettler Markus (OIZ) | 2024-06-07 13:54:23 | AW: [Extern] Re: PG16.1 security breach? |
| Previous Message | Ron Johnson | 2024-06-07 12:13:55 | Re: Poor performance after restoring database from snapshot on AWS RDS |