AW: [Extern] Re: PG16.1 security breach?

> -----Ursprüngliche Nachricht-----
> Von: Joe Conway <mail(at)joeconway(dot)com>
> Gesendet: Freitag, 7. Juni 2024 15:22
> An: Zwettler Markus (OIZ) <Markus(dot)Zwettler(at)zuerich(dot)ch>; pgsql-
> general(at)lists(dot)postgresql(dot)org
> Betreff: [Extern] Re: PG16.1 security breach?
>
> On 6/7/24 07:04, Zwettler Markus (OIZ) wrote:
> > I am running the following on Postgres 16.1 in database "postgres" as
> > a
> > superuser:
>
> <snip>
>
> > create or replace function oiz.f_set_dbowner (p_dbowner text, p_dbname
> > text)
>
> <snip>
>
> > create role testuser with password 'testuser' login;
>
> <snip>
>
> > than this new role is able to execute the function oiz.f_set_dbowner
> > immediately even I did not grant execute on this function to this role!
>
> See:
> https://www.postgresql.org/docs/current/sql-createfunction.html
>
> In particular, this part:
> 8<------------------------
> Another point to keep in mind is that by default, execute privilege is granted to
> PUBLIC for newly created functions (see Section 5.7 for more information).
> Frequently you will wish to restrict use of a security definer function to only some
> users. To do that, you must revoke the default PUBLIC privileges and then grant
> execute privilege selectively.
> To avoid having a window where the new function is accessible to all, create it and
> set the privileges within a single transaction. For example:
> 8<------------------------
>
> HTH,
>
> --
> Joe Conway
> PostgreSQL Contributors Team
> RDS Open Source Databases
> Amazon Web Services: https://aws.amazon.com
>
> --- Externe Email: Vorsicht mit Anhängen, Links oder dem Preisgeben von
> Informationen ---

Argh. No! What a bad habit!

Might be good idea for an enhancement request to create a global parameter to disable this habit.

Thanks Markus