Re: PG16.1 security breach?

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Laurenz Albe <[email protected]>
To: David G. Johnston <[email protected]>
Cc: Zwettler Markus (OIZ) <[email protected]>
Cc: Joe Conway <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: PG16.1 security breach?
Date: Mon, 10 Jun 2024 11:21:42 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAKFQuwaMthLY0XFtv44EBwc=nAwJO0_onACZoG0bnj9jvPBA5Q@mail.gmail.com>
References: <GV0P278MB00996776669F54A7EADB64688BFB2@GV0P278MB0099.CHEP278.PROD.OUTLOOK.COM>
	<[email protected]>
	<GV0P278MB00993C93868025F89845F58D8BFB2@GV0P278MB0099.CHEP278.PROD.OUTLOOK.COM>
	<[email protected]>
	<CAKFQuwaMthLY0XFtv44EBwc=nAwJO0_onACZoG0bnj9jvPBA5Q@mail.gmail.com>

On Fri, 2024-06-07 at 07:42 -0700, David G. Johnston wrote:
> On Friday, June 7, 2024, Laurenz Albe <[email protected]> wrote:
> > On Fri, 2024-06-07 at 13:54 +0000, Zwettler Markus (OIZ) wrote:
> > > > Another point to keep in mind is that by default, execute privilege is granted to
> > > > PUBLIC for newly created functions (see Section 5.7 for more information).
> > > 
> > > Argh. No! What a bad habit!
> > > 
> > > Might be good idea for an enhancement request to create a global parameter to disable this habit.
> > 
> > I don't see the problem, since the default execution mode for functions is
> > SECURITY INVOKER.
> > 
> > But you can easily change that:
> > 
> >   ALTER DEFAULT PRIVILEGES FOR ROLE function_creator REVOKE EXECUTE ON FUNCTION FROM PUBLIC;
> 
> You named function_creator here when in this example the role creating the new object is postgres.

Then use "postgres" rather than "function_creator".

An ALTER DEFAULT PRIVILEGES statement always only changes default privileges for objects
created by a certain user.

> How is it that the default privilege granted to public doesn’t seem to care who the object creator
> is yet when revoking the grant one supposedly can only do so within the scope of a single role?

I don't understand what you wrote.  ALTER DEFAULT PRIVILEGES also only applies to objects
created by a single role when you grant default privileges.

Yours,
Laurenz Albe

view thread (7+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: PG16.1 security breach?
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox