PG16.1 security breach?

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
Cc: "Zwettler Markus (OIZ)" <Markus(dot)Zwettler(at)zuerich(dot)ch>, Joe Conway <mail(at)joeconway(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: PG16.1 security breach?
Date: 2024-06-07 14:42:31
Message-ID: CAKFQuwaMthLY0XFtv44EBwc=nAwJO0_onACZoG0bnj9jvPBA5Q@mail.gmail.com
Lists: pgsql-general

On Friday, June 7, 2024, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:

> On Fri, 2024-06-07 at 13:54 +0000, Zwettler Markus (OIZ) wrote:
> > > Another point to keep in mind is that by default, execute privilege is granted to
> > > PUBLIC for newly created functions (see Section 5.7 for more information).
> >
> > Argh. No! What a bad habit!
> >
> > Might be a good idea for an enhancement request to create a global parameter to disable this habit.
>
> I don't see the problem, since the default execution mode for functions is
> SECURITY INVOKER.
>
> But you can easily change that:
>
> ALTER DEFAULT PRIVILEGES FOR ROLE function_creator
>     REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
>

You named function_creator here when in this example the role creating the
new object is postgres. How is it that the default privilege granted to
public doesn’t seem to care who the object creator is yet when revoking the
grant one supposedly can only do so within the scope of a single role?

David J.
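
The per-role scope discussed in this message can be checked in a scratch database. The SQL below is an added example, not part of the original thread; the schema `demo`, the role `app_user` and the function names are hypothetical, and it assumes a superuser session.

```sql
-- Constructed demo: all object names here are hypothetical.
CREATE ROLE function_creator;
CREATE ROLE app_user;
CREATE SCHEMA demo;
GRANT USAGE, CREATE ON SCHEMA demo TO function_creator;
GRANT USAGE ON SCHEMA demo TO app_user;

-- Default privileges are recorded per creating role. This entry changes the
-- initial ACL only for functions that function_creator creates from now on.
ALTER DEFAULT PRIVILEGES FOR ROLE function_creator
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Created by the session (superuser) role: no entry exists for that role,
-- so the built-in default (EXECUTE granted to PUBLIC) still applies.
CREATE FUNCTION demo.f_super() RETURNS int LANGUAGE sql AS 'SELECT 1';

-- Created by the role named in ALTER DEFAULT PRIVILEGES.
SET ROLE function_creator;
CREATE FUNCTION demo.f_creator() RETURNS int LANGUAGE sql AS 'SELECT 1';
RESET ROLE;

-- Compare what an unrelated role may execute.
SELECT has_function_privilege('app_user', 'demo.f_super()',   'EXECUTE') AS f_super,
       has_function_privilege('app_user', 'demo.f_creator()', 'EXECUTE') AS f_creator;

-- Audit which creating roles have overridden defaults for functions
-- (defaclnamespace = 0 means the entry is global, not tied to one schema).
SELECT defaclrole::regrole AS creator,
       defaclnamespace::regnamespace AS schema,
       defaclacl
FROM pg_default_acl
WHERE defaclobjtype = 'f';

-- Without FOR ROLE the statement targets the current role, so each role that
-- creates functions needs its own entry.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Default privileges never touch existing objects; those need an explicit REVOKE.
REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA demo FROM PUBLIC;

-- Cleanup
ALTER DEFAULT PRIVILEGES GRANT EXECUTE ON FUNCTIONS TO PUBLIC;
ALTER DEFAULT PRIVILEGES FOR ROLE function_creator GRANT EXECUTE ON FUNCTIONS TO PUBLIC;
DROP SCHEMA demo CASCADE;
DROP ROLE app_user;
DROP ROLE function_creator;
```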
