Re: has_language_privilege returns incorrect answer for non-superuser

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Joe Conway <mail(at)joeconway(dot)com>
Cc: "Hackers (PostgreSQL)" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: has_language_privilege returns incorrect answer for non-superuser
Date: 2012-07-10 07:50:32
Message-ID: CABUevEwd8WLjvhZHsuqm5S6jvci0ft7=i9QQqQS6miji9LFJ3A@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Jul 10, 2012 at 3:23 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> I noticed today that has_language_privilege() returns incorrect answer
> for non-superuser, e.g.:
>
> 8<---------------------------------------------------
> select has_language_privilege('nobody',
> 'plperlu',
> 'usage');
> has_language_privilege
> ------------------------
> t
> (1 row)
>
> test1=# \c - nobody
> You are now connected to database "test1" as user "nobody".
>
> create function f() returns text as $$ $$ language plperlu;
> ERROR: permission denied for language plperlu
> 8<---------------------------------------------------
>
> I verified this behavior on head as well as 9.1 (didn't bother looking
> any further back). Looks like the reason is that CreateFunction()
> correctly checks lanpltrusted, whereas pg_language_aclmask() does not.
>
> Seems like a bug to me -- opinions?

Definitely seems like a bug to me, yes.

And while I haven't verified that the suggested fix actually fixes it
for me, it sounds reasonable :)

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Colin 't Hart 2012-07-10 09:09:34 [PATCH] psql \n shortcut for set search_path =
Previous Message Magnus Hagander 2012-07-10 07:38:38 Re: Synchronous Standalone Master Redoux