Home > mailing lists

Re: AW: [Extern] Re: PG16.1 security breach? - Mailing list pgsql-general

From	Laurenz Albe
Subject	Re: AW: [Extern] Re: PG16.1 security breach?
Date	June 7 17:32:44
Msg-id	6d223a4891287cfb08b720103faef2da1b5719f3.camel@cybertec.at Whole thread Raw
In response to	AW: [Extern] Re: PG16.1 security breach? ("Zwettler Markus (OIZ)" <Markus.Zwettler@zuerich.ch>)
Responses	PG16.1 security breach?
List	pgsql-general

Tree view

On Fri, 2024-06-07 at 13:54 +0000, Zwettler Markus (OIZ) wrote:
> > Another point to keep in mind is that by default, execute privilege is granted to
> > PUBLIC for newly created functions (see Section 5.7 for more information).
>
> Argh. No! What a bad habit!
>
> Might be good idea for an enhancement request to create a global parameter to disable this habit.

I don't see the problem, since the default execution mode for functions is
SECURITY INVOKER.

But you can easily change that:

  ALTER DEFAULT PRIVILEGES FOR ROLE function_creator REVOKE EXECUTE ON FUNCTION FROM PUBLIC;

Yours,
Laurenz Albe

pgsql-general by date:

From: "David G. Johnston"
Date: 07 June, 17:16:04
Subject: Re: PG16.1 security breach?

From: Adrian Klaver
Date: 07 June, 17:35:58
Subject: Re: AW: [Extern] Re: PG16.1 security breach?

Re: AW: [Extern] Re: PG16.1 security breach? - Mailing list pgsql-general

Previous

Next