| From: | "Jim C(dot) Nasby" <jimn(at)enterprisedb(dot)com> |
|---|---|
| To: | Pascal Meunier <pmeunier(at)cerias(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: minor feature request: Secure defaults during function creation |
| Date: | 2006-09-16 21:04:06 |
| Message-ID: | 20060916210406.GE38854@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Sep 14, 2006 at 10:24:43AM -0400, Pascal Meunier wrote:
> First, I asked about this on #postgresql, and I realize that this request
> would be a low priority item. Yet, it would be an improvement for security
> reasons.
>
> When creating a function using EXTERNAL SECURITY DEFINER, by default PUBLIC
> has execute privileges on it. That's unexpected given that when I create a
> new table, PUBLIC doesn't have any privileges on it. It's also not a secure
> default.
>
> My request is to allow changing default permissions for function creation, a
> la "umask", or at least not give PUBLIC execute permissions by default. I
> am aware that it is possible to wrap the create function statement with the
> necessary grants/revokes inside a transaction, as a work-around, but it is
> not obvious and makes things unnecessarily inconvenient. This increases the
> chances of beginner and even medium-skill admins to get their security
> wrong.
Hrm... do we have any other objects that default to granting permissions
on creation? ISTM all objects should be created with no permissions.
--
Jim Nasby jim(at)nasby(dot)net
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Dilger | 2006-09-16 21:13:49 | Re: Reducing data type space usage |
| Previous Message | Jim C. Nasby | 2006-09-16 21:02:35 | Re: [HACKERS] Is there any utility to update the table whenever text file gets changed? |