Home > mailing lists

Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?
Date	September 15, 2022 07:38:58
Msg-id	3120830.1663216738@sss.pgh.pa.us Whole thread Raw
In response to	Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? (Bryn Llewellyn <bryn@yugabyte.com>)
List	pgsql-general

Tree view

Bryn Llewellyn <bryn@yugabyte.com> writes:
> I just confirmed that, if it suits me, I can revoke "execute" from "public" on all overloads of the humble length()
function.Maybe I should refer to it as "pg_catalog.length()" to emphasize another point that had escaped me. 

Yup.  For even more fun, try revoking privileges on a function that
underlies an operator.

regression=# revoke execute on function int4pl from public;
REVOKE
regression=# select 2+2;  -- still works, for a superuser
 ?column?
----------
        4
(1 row)

regression=# create user joe;
CREATE ROLE
regression=# \c - joe
You are now connected to database "regression" as user "joe".
regression=> select 2+2;  -- not so much for anybody else
ERROR:  permission denied for function int4pl

            regards, tom lane

pgsql-general by date:

From: misha1966 misha1966
Date: 15 September 2022, 07:24:21
Subject: Re[2]: CVE-2022-2625

From: Matthias Apitz
Date: 15 September 2022, 08:33:49
Subject: Re: Mysterious performance degradation in exceptional cases

Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? - Mailing list pgsql-general

Previous

Next