From: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
---|---|
To: | "Knut P(dot) Lehre" <k(dot)p(dot)d(dot)lehre(at)medisin(dot)uio(dot)no> |
Cc: | "Knut P(dot) Lehre" <knutpl(at)broadpark(dot)no>, pgadmin-hackers(at)postgresql(dot)org |
Subject: | Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions |
Date: | 2011-04-08 21:47:58 |
Message-ID: | 4D9F828E.5090101@lelarge.info |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-hackers |
Le 08/04/2011 23:09, Knut P. Lehre a écrit :
> On 2011-04-08 22:18, Guillaume Lelarge wrote:
>> Le 08/04/2011 20:07, Knut P. Lehre a écrit :
>>> It is dangerous when working with security definer functions that the pgAdmin3
>>> script creator does not include a "revoke from public" for functions with e.g.
>>> ACL postgres=X/postgres (at least in version 1.10.1). If you use this script to
>>> copy a function definition, then you will get public execute granted to that
>>> function.
>>
>> Sure. That's the usual behaviour of PostgreSQL. So I don't get why
>> pgAdmin should do otherwise. We can of course allow the user to
>> automatically revoke public permissions on this kind of functions, if a
>> user clicks a checkbox for example (just like we do to automatically add
>> an index for foreign keys).
>>
>>> pg_dump adds a revoke from public in this case. Is this missing revoke in
>>> pgAdmin3 intentional or was it forgotten?
>>
>> Neither intentional nor forgotten. I don't think anyone ever thought
>> about it.
>>
>> BTW, I don't know where you saw/heard/read that pg_dump adds a revoke
>> from public in this particular case, but it doesn't, AFAICT.
>>
>>
>
> pg_dump does add a revoke on public.
When you explicitly revoke it first, yes, y'oure right. This wasn't
obvious in your previous mail.
> Please try f.ex. this in pgAdmin3:
>
> CREATE OR REPLACE FUNCTION test9(text) RETURNS text AS
> $BODY$
> DECLARE
> BEGIN
> RETURN $1;
> END;
> $BODY$
> LANGUAGE 'plpgsql';
> ALTER FUNCTION test9(text) OWNER TO postgres;
> REVOKE ALL ON FUNCTION test9(text) FROM public;
>
> Then, in pgAdmin3, you will see that the ACL and function script are:
>
> {postgres=X/postgres}
>
> CREATE OR REPLACE FUNCTION test9(text)
> RETURNS text AS
> $BODY$
> DECLARE
> BEGIN
> RETURN $1;
> END;
> $BODY$
> LANGUAGE 'plpgsql' VOLATILE
> COST 100;
> ALTER FUNCTION test9(text) OWNER TO postgres;
> GRANT EXECUTE ON FUNCTION test9(text) TO postgres;
>
This is a bug in pgAdmin. We'll have to fix it.
--
Guillaume
http://www.postgresql.fr
http://dalibo.com
From | Date | Subject | |
---|---|---|---|
Next Message | Guillaume Lelarge | 2011-04-09 15:34:11 | Per-column collation support |
Previous Message | Knut P. Lehre | 2011-04-08 21:09:24 | Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions |