Home > mailing lists

BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump - Mailing list pgsql-bugs

From	jeff@pgexperts.com
Subject	BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump
Date	July 18, 2013 19:50:08
Msg-id	E1UzrOw-00065n-Mb@wrigleys.postgresql.org Whole thread Raw
Responses	Re: BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

The following bug has been logged on the website:

Bug reference:      8315
Logged by:          Jeff Frost
Email address:      jeff@pgexperts.com
PostgreSQL version: 9.2.4
Operating system:   Scientific Linux 6
Description:

Simple test case:


pgx-test:~ $ createdb permtest
pgx-test:~ $ psql permtest
psql (9.2.4)
Type "help" for help.


permtest=# create extension dblink;
CREATE EXTENSION


permtest=# create role permtestuser with login nosuperuser;


permtest=# grant EXECUTE on FUNCTION dblink(text) to permtestuser;
GRANT


pgx-test:~ $ pg_dump -s permtest | grep GRANT
GRANT ALL ON SCHEMA public TO postgres;
GRANT ALL ON SCHEMA public TO PUBLIC;


I imagine we are expecting people to write security definer wrapper
functions, but if so, we should probably not allow them to grant permissions
on extension functions (and tables?) if we aren't going to preserve them in
the dump.

pgsql-bugs by date:

From: bricklen
Date: 18 July 2013, 18:33:37
Subject: Re: PGSQL Bug

From: bricklen
Date: 18 July 2013, 21:01:27
Subject: Re: PGSQL Bug

BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump - Mailing list pgsql-bugs

Previous

Next