| From: | Pascal Meunier <pmeunier(at)cerias(dot)net> |
|---|---|
| To: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | minor feature request: Secure defaults during function creation |
| Date: | 2006-09-14 14:24:43 |
| Message-ID: | C12EDE6B.15229%pmeunier@cerias.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
First, I asked about this on #postgresql, and I realize that this request
would be a low priority item. Yet, it would be an improvement for security
reasons.
When creating a function using EXTERNAL SECURITY DEFINER, by default PUBLIC
has execute privileges on it. That's unexpected given that when I create a
new table, PUBLIC doesn't have any privileges on it. It's also not a secure
default.
My request is to allow changing default permissions for function creation, a
la "umask", or at least not give PUBLIC execute permissions by default. I
am aware that it is possible to wrap the create function statement with the
necessary grants/revokes inside a transaction, as a work-around, but it is
not obvious and makes things unnecessarily inconvenient. This increases the
chances of beginner and even medium-skill admins to get their security
wrong.
Thanks,
Pascal Meunier
Purdue University CERIAS
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Albe Laurenz | 2006-09-14 14:24:57 | Re: AIX shared libraries |
| Previous Message | Alvaro Herrera | 2006-09-14 14:22:22 | Re: CSStorm occurred again by postgreSQL8.2 |