Postgres Pro
Downloads
Home   >   mailing lists

Re: [DOCS] Fix for function ownership - Mailing list pgsql-docs

From Bruce Momjian
Subject Re: [DOCS] Fix for function ownership
Date
Msg-id 20170321023339.GC2045@momjian.us
Whole thread Raw
In response to Fix for function ownership  (Bruce Momjian <bruce@momjian.us>)
List pgsql-docs
Tree view 
On Fri, Sep 23, 2016 at 08:31:02PM -0400, Bruce Momjian wrote:
> Nathan Wagner told me that two places in the create function docs say
> permissions are controlled by the function creator, while permissions
> are really controlled by the function owner.
>
> The attached patch fixes this.

Applied.

---------------------------------------------------------------------------


>
> --
>   Bruce Momjian  <bruce@momjian.us>        http://momjian.us
>   EnterpriseDB                             http://enterprisedb.com
>
> + As you are, so once was I. As I am, so you will be. +
> +                     Ancient Roman grave inscription +

> diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml
> new file mode 100644
> index 8108a43..b9d8833
> *** a/doc/src/sgml/ref/create_function.sgml
> --- b/doc/src/sgml/ref/create_function.sgml
> *************** CREATE [ OR REPLACE ] FUNCTION
> *** 401,407 ****
>         is to be executed with the privileges of the user that calls it.
>         That is the default.  <literal>SECURITY DEFINER</literal>
>         specifies that the function is to be executed with the
> !       privileges of the user that created it.
>        </para>
>
>        <para>
> --- 401,407 ----
>         is to be executed with the privileges of the user that calls it.
>         That is the default.  <literal>SECURITY DEFINER</literal>
>         specifies that the function is to be executed with the
> !       privileges of the user that owns it.
>        </para>
>
>        <para>
> *************** SELECT * FROM dup(42);
> *** 747,753 ****
>
>      <para>
>       Because a <literal>SECURITY DEFINER</literal> function is executed
> !     with the privileges of the user that created it, care is needed to
>       ensure that the function cannot be misused.  For security,
>       <xref linkend="guc-search-path"> should be set to exclude any schemas
>       writable by untrusted users.  This prevents
> --- 747,753 ----
>
>      <para>
>       Because a <literal>SECURITY DEFINER</literal> function is executed
> !     with the privileges of the user that owns it, care is needed to
>       ensure that the function cannot be misused.  For security,
>       <xref linkend="guc-search-path"> should be set to exclude any schemas
>       writable by untrusted users.  This prevents

>
> --
> Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-docs


--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +

pgsql-docs by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: [DOCS] Better example
Next
From: Fujii Masao
Date:
Subject: [DOCS] obsolete description for rolreplication in pg_authid and pg_roles