Home > mailing lists

Why is EXECUTE granted to PUBLIC for all routines? - Mailing list pgsql-hackers

From	Jacek Trocinski
Subject	Why is EXECUTE granted to PUBLIC for all routines?
Date	April 22, 2022 20:31:29
Msg-id	CAPBN_=npERDpVuvJ63-7gn8PCGPCu_7q0DTwaURg8Of+7a7M+Q@mail.gmail.com Whole thread Raw
Responses	Re: Why is EXECUTE granted to PUBLIC for all routines? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Hi,

The default behavior on Postgres is to grant EXECUTE to PUBLIC on any
function or procedure that is created.

I feel this this is a security concern, especially for procedures and
functions defined with the "SECURITY DEFINER" clause.

Normally, we don’t want everyone on the database to be able to run
procedures or function without explicitly granting them the privilege
to do so.

Is there any reason to keep grant EXECUTE to PUBLIC on routines as the default?

Best,
Jacek Trocinski

pgsql-hackers by date:

From: Tom Lane
Date: 22 April 2022, 20:01:51
Subject: Re: Cryptohash OpenSSL error queue in FIPS enabled builds

From: Tom Lane
Date: 22 April 2022, 20:44:40
Subject: Re: Why is EXECUTE granted to PUBLIC for all routines?

Why is EXECUTE granted to PUBLIC for all routines? - Mailing list pgsql-hackers

Previous

Next