From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Joe Conway <mail(at)joeconway(dot)com> |
Cc: | "Hackers (PostgreSQL)" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: has_language_privilege returns incorrect answer for non-superuser |
Date: | 2012-07-10 07:50:32 |
Message-ID: | CABUevEwd8WLjvhZHsuqm5S6jvci0ft7=i9QQqQS6miji9LFJ3A@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Jul 10, 2012 at 3:23 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> I noticed today that has_language_privilege() returns incorrect answer
> for non-superuser, e.g.:
>
> 8<---------------------------------------------------
> select has_language_privilege('nobody',
> 'plperlu',
> 'usage');
> has_language_privilege
> ------------------------
> t
> (1 row)
>
> test1=# \c - nobody
> You are now connected to database "test1" as user "nobody".
>
> create function f() returns text as $$ $$ language plperlu;
> ERROR: permission denied for language plperlu
> 8<---------------------------------------------------
>
> I verified this behavior on head as well as 9.1 (didn't bother looking
> any further back). Looks like the reason is that CreateFunction()
> correctly checks lanpltrusted, whereas pg_language_aclmask() does not.
>
> Seems like a bug to me -- opinions?
Definitely seems like a bug to me, yes.
And while I haven't verified that the suggested fix actually fixes it
for me, it sounds reasonable :)
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Colin 't Hart | 2012-07-10 09:09:34 | [PATCH] psql \n shortcut for set search_path = |
Previous Message | Magnus Hagander | 2012-07-10 07:38:38 | Re: Synchronous Standalone Master Redoux |