Thread: Fix for function ownership

Nathan Wagner told me that two places in the create function docs say
permissions are controlled by the function creator, while permissions
are really controlled by the function owner.

The attached patch fixes this.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +

Bruce Momjian <bruce@momjian.us> writes:
> Nathan Wagner told me that two places in the create function docs say
> permissions are controlled by the function creator, while permissions
> are really controlled by the function owner.

> The attached patch fixes this.

Looks like an improvement to me.  Are there any other places with
similar wording?

            regards, tom lane

On Fri, Sep 23, 2016 at 09:23:25PM -0400, Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > Nathan Wagner told me that two places in the create function docs say
> > permissions are controlled by the function creator, while permissions
> > are really controlled by the function owner.
>
> > The attached patch fixes this.
>
> Looks like an improvement to me.  Are there any other places with
> similar wording?

I couldn't find any others.  I looked for "user that created".

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                     Ancient Roman grave inscription +

On Fri, Sep 23, 2016 at 08:31:02PM -0400, Bruce Momjian wrote:
> Nathan Wagner told me that two places in the create function docs say
> permissions are controlled by the function creator, while permissions
> are really controlled by the function owner.
>
> The attached patch fixes this.

Applied.

---------------------------------------------------------------------------


>
> --
>   Bruce Momjian  <bruce@momjian.us>        http://momjian.us
>   EnterpriseDB                             http://enterprisedb.com
>
> + As you are, so once was I. As I am, so you will be. +
> +                     Ancient Roman grave inscription +

> diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml
> new file mode 100644
> index 8108a43..b9d8833
> *** a/doc/src/sgml/ref/create_function.sgml
> --- b/doc/src/sgml/ref/create_function.sgml
> *************** CREATE [ OR REPLACE ] FUNCTION
> *** 401,407 ****
>         is to be executed with the privileges of the user that calls it.
>         That is the default.  <literal>SECURITY DEFINER</literal>
>         specifies that the function is to be executed with the
> !       privileges of the user that created it.
>        </para>
>
>        <para>
> --- 401,407 ----
>         is to be executed with the privileges of the user that calls it.
>         That is the default.  <literal>SECURITY DEFINER</literal>
>         specifies that the function is to be executed with the
> !       privileges of the user that owns it.
>        </para>
>
>        <para>
> *************** SELECT * FROM dup(42);
> *** 747,753 ****
>
>      <para>
>       Because a <literal>SECURITY DEFINER</literal> function is executed
> !     with the privileges of the user that created it, care is needed to
>       ensure that the function cannot be misused.  For security,
>       <xref linkend="guc-search-path"> should be set to exclude any schemas
>       writable by untrusted users.  This prevents
> --- 747,753 ----
>
>      <para>
>       Because a <literal>SECURITY DEFINER</literal> function is executed
> !     with the privileges of the user that owns it, care is needed to
>       ensure that the function cannot be misused.  For security,
>       <xref linkend="guc-search-path"> should be set to exclude any schemas
>       writable by untrusted users.  This prevents

>
> --
> Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-docs


--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +