PG16.1 security breach? - Mailing list pgsql-general

From David G. Johnston
Subject PG16.1 security breach?
Date
Msg-id CAKFQuwaMthLY0XFtv44EBwc=nAwJO0_onACZoG0bnj9jvPBA5Q@mail.gmail.com
Whole thread Raw
In response to Re: AW: [Extern] Re: PG16.1 security breach?  (Laurenz Albe <laurenz.albe@cybertec.at>)
Responses Re: PG16.1 security breach?
List pgsql-general
On Friday, June 7, 2024, Laurenz Albe <laurenz.albe@cybertec.at> wrote:
On Fri, 2024-06-07 at 13:54 +0000, Zwettler Markus (OIZ) wrote:
> > Another point to keep in mind is that by default, execute privilege is granted to
> > PUBLIC for newly created functions (see Section 5.7 for more information).
>
> Argh. No! What a bad habit!
>
> Might be good idea for an enhancement request to create a global parameter to disable this habit.

I don't see the problem, since the default execution mode for functions is
SECURITY INVOKER.

But you can easily change that:

  ALTER DEFAULT PRIVILEGES FOR ROLE function_creator REVOKE EXECUTE ON FUNCTION FROM PUBLIC;


You named function_creator here when in this example the role creating the new object is postgres.  How is it that the default privilege granted to public doesn’t seem to care who the object creator is yet when revoking the grant one supposedly can only do so within the scope of a single role?

David J.

pgsql-general by date:

Previous
From: Adrian Klaver
Date:
Subject: Re: AW: [Extern] Re: PG16.1 security breach?
Next
From: Adrian Klaver
Date:
Subject: Re: Questions on logical replication