BUG #1874: Non-Execute Privileges enforced on grant - Mailing list pgsql-bugs

From Mark Diener
Subject BUG #1874: Non-Execute Privileges enforced on grant
Date
Msg-id 20050910083315.43380F0B10@svr2.postgresql.org
Whole thread Raw
Responses Re: BUG #1874: Non-Execute Privileges enforced on grant
List pgsql-bugs
The following bug has been logged online:

Bug reference:      1874
Logged by:          Mark Diener
Email address:      md@realmwireless.com
PostgreSQL version: 8.03
Operating system:   linux-i686
Description:        Non-Execute Privileges enforced on grant
Details:

It seems the EXECUTE privilege is not the only privilege that is being
checked during the execution of a PL/psql procedure language/function.

Only a superuser can execute non-trusted languages like python thus making
the python language unusable for average user.  Only for superusers.  What
happens when you want the python stored procedures to implement a layer of
security for standard users?

Then the pl/SQL language enforces SELECT/UPDATE/INSERT privileges on tables.
 It would appear intuitive that only the EXECUTE privilege should be
evaluated when a stored procedure executes.  By default, all superuser and
owner privileges should be allowed except for the EXECUTE privilege.

What happens when you want the pg/SQL stored procedures to implement a layer
of security for standard users and you don't want general users to have
select/update/insert privilege?  It is not an option to skip the select SQL
statement within stored procedures.

pgsql-bugs by date:

Previous
From: "Hugo Cesar"
Date:
Subject: BUG #1872: Failed to create process: 2!
Next
From: "Lee Benson"
Date:
Subject: BUG #1873: "Invalid username specified" during install