Postgres Pro
Downloads
Home   >   mailing lists

BUG #8685: "alter default privileges" cannot revoke default execute privilege on functions - Mailing list pgsql-bugs

From mz@alumni.sfu.ca
Subject BUG #8685: "alter default privileges" cannot revoke default execute privilege on functions
Date
Msg-id E1VtMTj-0002jS-5h@wrigleys.postgresql.org
Whole thread Raw
Responses Re: BUG #8685: "alter default privileges" cannot revoke default execute privilege on functions  (David Johnston <polobo@yahoo.com>)
List pgsql-bugs
Tree view 
The following bug has been logged on the website:

Bug reference:      8685
Logged by:          Manuel Zahariev
Email address:      mz@alumni.sfu.ca
PostgreSQL version: 9.1.11
Operating system:   Ubuntu 13.10
Description:

ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM <role>
...does not remove default execute privileges on functions




====================
Log:


$sudo -u postgres psql
psql (9.1.11)
Type "help" for help.


postgres=# CREATE DATABASE db;
CREATE DATABASE
postgres=# CREATE ROLE u WITH PASSWORD '1234' login;
CREATE ROLE
postgres=# \c db
You are now connected to database "db" as user "postgres".
db=# ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM u;
ALTER DEFAULT PRIVILEGES
db=# CREATE FUNCTION f() RETURNS varchar AS $$
db$# SELECT 'Hello'::varchar;
db$# $$ LANGUAGE 'SQL' SECURITY DEFINER;
CREATE FUNCTION
db=# SELECT * FROM f();
   f
-------
 Hello
(1 row)


db=# \q
$psql -h localhost db u
Password for user u:
psql (9.1.11)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.


db=> SELECT * FROM f();  -- should fail
   f
-------
 Hello
(1 row)

pgsql-bugs by date:

Previous
From: Andres Freund
Date:
Subject: Re: BUG #8673: Could not open file "pg_multixact/members/xxxx" on slave during hot_standby
Next
From: David Johnston
Date:
Subject: Re: BUG #8685: "alter default privileges" cannot revoke default execute privilege on functions