The following bug has been logged on the website:
Bug reference: 8685
Logged by: Manuel Zahariev
Email address: mz@alumni.sfu.ca
PostgreSQL version: 9.1.11
Operating system: Ubuntu 13.10
Description:
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM <role>
...does not remove default execute privileges on functions
====================
Log:
$sudo -u postgres psql
psql (9.1.11)
Type "help" for help.
postgres=# CREATE DATABASE db;
CREATE DATABASE
postgres=# CREATE ROLE u WITH PASSWORD '1234' login;
CREATE ROLE
postgres=# \c db
You are now connected to database "db" as user "postgres".
db=# ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM u;
ALTER DEFAULT PRIVILEGES
db=# CREATE FUNCTION f() RETURNS varchar AS $$
db$# SELECT 'Hello'::varchar;
db$# $$ LANGUAGE 'SQL' SECURITY DEFINER;
CREATE FUNCTION
db=# SELECT * FROM f();
f
-------
Hello
(1 row)
db=# \q
$psql -h localhost db u
Password for user u:
psql (9.1.11)
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.
db=> SELECT * FROM f(); -- should fail
f
-------
Hello
(1 row)
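
An added example, not part of the original report: PostgreSQL's documented built-in default grants EXECUTE on new functions to PUBLIC, so a revoke aimed at one role leaves the PUBLIC grant in place. The statements below reuse the report's database db, role u and function f() to inspect the ACL, remove the PUBLIC grant and verify the result; g() is a hypothetical name, and u is assumed to hold no other grants or role memberships.

```sql
-- Run as the role that creates the functions (postgres in the report),
-- connected to database "db".

-- 1. Inspect the existing function. A NULL proacl means the built-in
--    default applies: EXECUTE for the owner and for PUBLIC.
SELECT p.oid::regprocedure AS func,
       p.proacl,
       has_function_privilege('u', p.oid, 'EXECUTE') AS u_can_execute
FROM pg_proc p
WHERE p.oid = 'f()'::regprocedure;

-- 2. Remove the PUBLIC grant from the function that already exists.
--    ALTER DEFAULT PRIVILEGES only affects objects created afterwards.
REVOKE EXECUTE ON FUNCTION f() FROM PUBLIC;

-- 3. Change the default for functions the current role creates from now on.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- 4. Verify with a newly created SECURITY DEFINER function.
CREATE FUNCTION g() RETURNS varchar AS $$
  SELECT 'Hello'::varchar;
$$ LANGUAGE sql SECURITY DEFINER;

SELECT p.oid::regprocedure AS func,
       has_function_privilege('u', p.oid, 'EXECUTE') AS u_can_execute
FROM pg_proc p
WHERE p.oid IN ('f()'::regprocedure, 'g()'::regprocedure);

-- 5. Audit: functions in schema public that PUBLIC can still execute,
--    either through the implicit default (NULL ACL) or an explicit entry
--    (grantee 0 in aclexplode output is PUBLIC).
SELECT p.oid::regprocedure AS func, p.prosecdef AS security_definer
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'public'
  AND (p.proacl IS NULL
       OR EXISTS (SELECT 1
                  FROM aclexplode(p.proacl) a
                  WHERE a.grantee = 0
                    AND a.privilege_type = 'EXECUTE'));
```

After steps 2 and 3, the query in step 4 should report u_can_execute as false for both functions, and access is then granted back selectively with GRANT EXECUTE ON FUNCTION ... TO a named role.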