Re: [v9.2] Fix Leaky View Problem

Kevin Grittner <kevin.grittner@wicourts.gov>

From: "Kevin Grittner" <Kevin.Grittner@wicourts.gov>
To: <robertmhaas@gmail.com>,<noah@leadboat.com>
Cc: <Kohei.Kaigai@emea.nec.com>,<kaigai@kaigai.gr.jp>, <thom@linux.com>, <pgsql-hackers@postgresql.org>, <tgl@sss.pgh.pa.us>
Date: 2011-09-25T16:22:03Z
Lists: pgsql-hackers
Robert Haas  09/25/11 10:58 AM >>>

> I'm not sure we've been 100% consistent about that, since we
> previously made CREATE OR REPLACE LANGUAGE not replace the owner
> with the current user.
 
I think we've been consistent in *not* changing security on an
object when it is replaced.
 
test=# create user someoneelse;
CREATE ROLE
test=# create user yetanother;
CREATE ROLE
test=# create function one() returns int language sql as 'select 1;';
CREATE FUNCTION
test=# alter function one() owner to someoneelse;
ALTER FUNCTION
test=# revoke execute on function one() from public;
REVOKE
test=# create or replace function one() returns int language plpgsql as
$$begin return 1; end;$$;
CREATE FUNCTION
test=# \df+ one()
                                                             List of
functions
 Schema | Name | Result data type | Argument data types |  Type  |
Volatility |    Owner    | Language |     Source code      | Description

--------+------+------------------+---------------------+--------+------------+-------------+----------+----------------------+-------------
 public | one  | integer          |                     | normal |
volatile   | someoneelse | plpgsql  | begin return 1; end; | 
(1 row)

test=# set role yetanother;
SET
test=> select one();
ERROR:  permission denied for function one

-Kevin