Re: [v9.2] Fix Leaky View Problem
Kevin Grittner <kevin.grittner@wicourts.gov>
From: "Kevin Grittner" <Kevin.Grittner@wicourts.gov>
To: <robertmhaas@gmail.com>,<noah@leadboat.com>
Cc: <Kohei.Kaigai@emea.nec.com>,<kaigai@kaigai.gr.jp>, <thom@linux.com>, <pgsql-hackers@postgresql.org>, <tgl@sss.pgh.pa.us>
Date: 2011-09-25T16:22:03Z
Lists: pgsql-hackers
Robert Haas 09/25/11 10:58 AM >>>
> I'm not sure we've been 100% consistent about that, since we
> previously made CREATE OR REPLACE LANGUAGE not replace the owner
> with the current user.
I think we've been consistent in *not* changing security on an
object when it is replaced.
test=# create user someoneelse;
CREATE ROLE
test=# create user yetanother;
CREATE ROLE
test=# create function one() returns int language sql as 'select 1;';
CREATE FUNCTION
test=# alter function one() owner to someoneelse;
ALTER FUNCTION
test=# revoke execute on function one() from public;
REVOKE
test=# create or replace function one() returns int language plpgsql as
$$begin return 1; end;$$;
CREATE FUNCTION
test=# \df+ one()
List of
functions
Schema | Name | Result data type | Argument data types | Type |
Volatility | Owner | Language | Source code | Description
--------+------+------------------+---------------------+--------+------------+-------------+----------+----------------------+-------------
public | one | integer | | normal |
volatile | someoneelse | plpgsql | begin return 1; end; |
(1 row)
test=# set role yetanother;
SET
test=> select one();
ERROR: permission denied for function one
-Kevin