Thread: BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump
BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump
From
jeff@pgexperts.com
Date:
The following bug has been logged on the website:

Bug reference: 8315
Logged by: Jeff Frost
Email address: jeff@pgexperts.com
PostgreSQL version: 9.2.4
Operating system: Scientific Linux 6
Description:

Simple test case:

pgx-test:~ $ createdb permtest
pgx-test:~ $ psql permtest
psql (9.2.4)
Type "help" for help.

permtest=# create extension dblink;
CREATE EXTENSION
permtest=# create role permtestuser with login nosuperuser;
permtest=# grant EXECUTE on FUNCTION dblink(text) to permtestuser;
GRANT

pgx-test:~ $ pg_dump -s permtest | grep GRANT
GRANT ALL ON SCHEMA public TO postgres;
GRANT ALL ON SCHEMA public TO PUBLIC;

I imagine we are expecting people to write security definer wrapper functions, but if so, we should probably not allow them to grant permissions on extension functions (and tables?) if we aren't going to preserve them in the dump.
jeff@pgexperts.com writes:
> permtest=# create extension dblink;
> CREATE EXTENSION
> permtest=# grant EXECUTE on FUNCTION dblink(text) to permtestuser;
> GRANT

I see no bug here. This is not different from any other property-alteration you might do on an extension member object. We allow that (if you have privileges), but it's up to you to keep it in sync with the extension definition file.

regards, tom lane
Re: BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump
From
Jeff Frost
Date:
On Jul 18, 2013, at 11:47 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> jeff@pgexperts.com writes:
>> permtest=# create extension dblink;
>> CREATE EXTENSION
>> permtest=# grant EXECUTE on FUNCTION dblink(text) to permtestuser;
>> GRANT
>
> I see no bug here. This is not different from any other
> property-alteration you might do on an extension member object.
> We allow that (if you have privileges), but it's up to you to keep it
> in sync with the extension definition file.

So, perhaps we could warn users on extension property alterations? Definitely seems like a gotcha.
Jeff Frost <jeff@pgexperts.com> writes:
> On Jul 18, 2013, at 11:47 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> I see no bug here. This is not different from any other
>> property-alteration you might do on an extension member object.
>> We allow that (if you have privileges), but it's up to you to keep it
>> in sync with the extension definition file.

> So, perhaps we could warn users on extension property alterations?

Hm, I had thought there already was such a discussion in the docs, but I can't find it now. Do you want to draft some text?

regards, tom lane
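
The thread leaves it to the administrator to keep grants on extension member functions in sync, because pg_dump on 9.2.4 does not emit them. The catalog query below is an added example (not from the thread or from the PostgreSQL project) that lists those grants as replayable GRANT statements; it assumes only functions were altered, as in the dblink test case, and the column aliases are illustrative.

```sql
-- Added example: find privileges granted on functions that are members of an
-- extension and print them as GRANT statements to replay after a restore.
-- Limits: covers functions only, and a REVOKE of the default PUBLIC EXECUTE
-- is not captured, because only existing ACL entries are listed.
SELECT a.extname,
       format('GRANT %s ON FUNCTION %s TO %s%s;',
              a.privilege_type,
              a.funcoid::regprocedure,          -- e.g. dblink(text)
              CASE WHEN a.grantee = 0 THEN 'PUBLIC'   -- grantee 0 means PUBLIC
                   ELSE quote_ident(r.rolname) END,
              CASE WHEN a.is_grantable THEN ' WITH GRANT OPTION'
                   ELSE '' END) AS grant_statement
FROM (
    SELECT e.extname,
           p.oid AS funcoid,
           p.proowner,
           (aclexplode(p.proacl)).*   -- grantor, grantee, privilege_type, is_grantable
    FROM pg_depend d
    JOIN pg_extension e ON e.oid = d.refobjid
    JOIN pg_proc p      ON p.oid = d.objid
    WHERE d.classid    = 'pg_proc'::regclass
      AND d.refclassid = 'pg_extension'::regclass
      AND d.deptype    = 'e'          -- 'e' marks an extension member object
      AND p.proacl IS NOT NULL        -- NULL ACL means default privileges
) a
LEFT JOIN pg_roles r ON r.oid = a.grantee
WHERE a.grantee <> a.proowner         -- the owner's own entry is implicit
ORDER BY a.extname, grant_statement;
```

Run it in each database before taking the dump and keep the output with the dump file. From PostgreSQL 9.6 onward pg_dump records privilege changes on extension members itself, so the query is mainly useful on older servers such as the 9.2.4 instance in the report.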