From: | mz(at)alumni(dot)sfu(dot)ca |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | BUG #8685: "alter default privileges" cannot revoke default execute privilege on functions |
Date: | 2013-12-18 19:08:19 |
Message-ID: | E1VtMTj-0002jS-5h@wrigleys.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 8685
Logged by: Manuel Zahariev
Email address: mz(at)alumni(dot)sfu(dot)ca
PostgreSQL version: 9.1.11
Operating system: Ubuntu 13.10
Description:
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM <role>
...does not remove default execute privileges on functions
====================
Log:
$sudo -u postgres psql
psql (9.1.11)
Type "help" for help.
postgres=# CREATE DATABASE db;
CREATE DATABASE
postgres=# CREATE ROLE u WITH PASSWORD '1234' login;
CREATE ROLE
postgres=# \c db
You are now connected to database "db" as user "postgres".
db=# ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM u;
ALTER DEFAULT PRIVILEGES
db=# CREATE FUNCTION f() RETURNS varchar AS $$
db$# SELECT 'Hello'::varchar;
db$# $$ LANGUAGE 'SQL' SECURITY DEFINER;
CREATE FUNCTION
db=# SELECT * FROM f();
f
-------
Hello
(1 row)
db=# \q
$psql -h localhost db u
Password for user u:
psql (9.1.11)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
db=> SELECT * FROM f(); -- should fail
f
-------
Hello
(1 row)
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2013-12-18 19:13:12 | Re: BUG #8673: Could not open file "pg_multixact/members/xxxx" on slave during hot_standby |
Previous Message | Bruce Momjian | 2013-12-18 17:16:28 | Re: BUG #8139: initdb: Misleading error message when current user not in /etc/passwd |