Quick Links

Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions

From:	Guillaume Lelarge <guillaume(at)lelarge(dot)info>
To:	"Knut P(dot) Lehre" <k(dot)p(dot)d(dot)lehre(at)medisin(dot)uio(dot)no>
Cc:	"Knut P(dot) Lehre" <knutpl(at)broadpark(dot)no>, pgadmin-hackers(at)postgresql(dot)org
Subject:	Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions
Date:	2011-04-08 21:47:58
Message-ID:	4D9F828E.5090101@lelarge.info
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgadmin-hackers

Le 08/04/2011 23:09, Knut P. Lehre a écrit :
> On 2011-04-08 22:18, Guillaume Lelarge wrote:
>> Le 08/04/2011 20:07, Knut P. Lehre a écrit :
>>> It is dangerous when working with security definer functions that the pgAdmin3
>>> script creator does not include a "revoke from public" for functions with e.g.
>>> ACL postgres=X/postgres (at least in version 1.10.1). If you use this script to
>>> copy a function definition, then you will get public execute granted to that
>>> function.
>>
>> Sure. That's the usual behaviour of PostgreSQL. So I don't get why
>> pgAdmin should do otherwise. We can of course allow the user to
>> automatically revoke public permissions on this kind of functions, if a
>> user clicks a checkbox for example (just like we do to automatically add
>> an index for foreign keys).
>>
>>> pg_dump adds a revoke from public in this case. Is this missing revoke in
>>> pgAdmin3 intentional or was it forgotten?
>>
>> Neither intentional nor forgotten. I don't think anyone ever thought
>> about it.
>>
>> BTW, I don't know where you saw/heard/read that pg_dump adds a revoke
>> from public in this particular case, but it doesn't, AFAICT.
>>
>>
>
> pg_dump does add a revoke on public.

When you explicitly revoke it first, yes, y'oure right. This wasn't
obvious in your previous mail.

> Please try f.ex. this in pgAdmin3:
>
> CREATE OR REPLACE FUNCTION test9(text) RETURNS text AS
> $BODY$
> DECLARE
> BEGIN
> RETURN $1;
> END;
> $BODY$
> LANGUAGE 'plpgsql';
> ALTER FUNCTION test9(text) OWNER TO postgres;
> REVOKE ALL ON FUNCTION test9(text) FROM public;
>
> Then, in pgAdmin3, you will see that the ACL and function script are:
>
> {postgres=X/postgres}
>
> CREATE OR REPLACE FUNCTION test9(text)
> RETURNS text AS
> $BODY$
> DECLARE
> BEGIN
> RETURN $1;
> END;
> $BODY$
> LANGUAGE 'plpgsql' VOLATILE
> COST 100;
> ALTER FUNCTION test9(text) OWNER TO postgres;
> GRANT EXECUTE ON FUNCTION test9(text) TO postgres;
>

This is a bug in pgAdmin. We'll have to fix it.

--
Guillaume
http://www.postgresql.fr
http://dalibo.com

In response to

Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions at 2011-04-08 21:09:24 from Knut P. Lehre

Browse pgadmin-hackers by date

	From	Date	Subject
Next Message	Guillaume Lelarge	2011-04-09 15:34:11	Per-column collation support
Previous Message	Knut P. Lehre	2011-04-08 21:09:24	Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions