Re: Why is EXECUTE granted to PUBLIC for all routines? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Why is EXECUTE granted to PUBLIC for all routines?
Msg-id 3707734.1650649480@sss.pgh.pa.us
In response to Why is EXECUTE granted to PUBLIC for all routines?  (Jacek Trocinski <jacek@hedgehog.app>)
Responses Re: Why is EXECUTE granted to PUBLIC for all routines?  (Isaac Morland <isaac.morland@gmail.com>)
List pgsql-hackers
Jacek Trocinski <jacek@hedgehog.app> writes:
> The default behavior on Postgres is to grant EXECUTE to PUBLIC on any
> function or procedure that is created.

> I feel this is a security concern, especially for procedures and
> functions defined with the "SECURITY DEFINER" clause.

There is zero security concern for non-SECURITY-DEFINER functions,
since they do nothing callers couldn't do for themselves.  For those,
you typically do want to grant out permissions.  As for SECURITY DEFINER
functions, there is no reason to make one unless it is meant to be called
by someone besides the owner.  Perhaps PUBLIC isn't the scope you want to
grant it to, but no-privileges wouldn't be a useful default there either.

In any case, changing this decision now would cause lots of problems,
such as breaking existing dump files.  We're unlikely to revisit it.

As noted in the docs, best practice is to adjust the permissions
as you want them in the same transaction that creates the function.

            regards, tom lane
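The pattern Tom refers to, written out as an added example (not code from the thread or from the PostgreSQL docs): create the SECURITY DEFINER function, drop the implicit PUBLIC grant and grant to the intended role, all inside one transaction so the function is never callable by everyone. The schema `app`, the function `reset_user_password`, the table `app.users` and the role `app_admin` are assumed names; the trailing query is a check for functions that were created without this step.

```sql
BEGIN;

-- Assumed example function; runs with the owner's privileges.
CREATE FUNCTION app.reset_user_password(uid integer, new_hash text)
RETURNS void
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp   -- pin search_path for SECURITY DEFINER
AS $$
  UPDATE app.users SET password_hash = new_hash WHERE id = uid;
$$;

-- The CREATE above granted EXECUTE to PUBLIC. Take it away before COMMIT,
-- so there is no window in which every role can call the function.
REVOKE ALL ON FUNCTION app.reset_user_password(integer, text) FROM PUBLIC;

-- Grant EXECUTE only to the role that is meant to call it.
GRANT EXECUTE ON FUNCTION app.reset_user_password(integer, text) TO app_admin;

COMMIT;

-- Audit check: list SECURITY DEFINER functions that PUBLIC can still execute
-- (a NULL proacl means the default ACL applies, which includes PUBLIC).
SELECT p.oid::regprocedure AS func,
       pg_get_userbyid(p.proowner) AS owner
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  p.prosecdef
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  has_function_privilege('public', p.oid, 'EXECUTE')
ORDER  BY 1;
```

Running the audit query before and after the transaction shows the function disappearing from the list once the REVOKE has committed.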
