> -----Ursprüngliche Nachricht----- > Von: Joe Conway <mail@xxxxxxxxxxxxx> > Gesendet: Freitag, 7. Juni 2024 15:22 > An: Zwettler Markus (OIZ) <Markus.Zwettler@xxxxxxxxxx>; pgsql- > general@xxxxxxxxxxxxxxxxxxxx > Betreff: [Extern] Re: PG16.1 security breach? > > On 6/7/24 07:04, Zwettler Markus (OIZ) wrote: > > I am running the following on Postgres 16.1 in database "postgres" as > > a > > superuser: > > <snip> > > > create or replace function oiz.f_set_dbowner (p_dbowner text, p_dbname > > text) > > <snip> > > > create role testuser with password 'testuser' login; > > <snip> > > > than this new role is able to execute the function oiz.f_set_dbowner > > immediately even I did not grant execute on this function to this role! > > See: > https://www.postgresql.org/docs/current/sql-createfunction.html > > In particular, this part: > 8<------------------------ > Another point to keep in mind is that by default, execute privilege is granted to > PUBLIC for newly created functions (see Section 5.7 for more information). > Frequently you will wish to restrict use of a security definer function to only some > users. To do that, you must revoke the default PUBLIC privileges and then grant > execute privilege selectively. > To avoid having a window where the new function is accessible to all, create it and > set the privileges within a single transaction. For example: > 8<------------------------ > > HTH, > > -- > Joe Conway > PostgreSQL Contributors Team > RDS Open Source Databases > Amazon Web Services: https://aws.amazon.com > > --- Externe Email: Vorsicht mit Anhängen, Links oder dem Preisgeben von > Informationen --- Argh. No! What a bad habit! Might be good idea for an enhancement request to create a global parameter to disable this habit. Thanks Markus
