On Thu, Sep 14, 2006 at 10:24:43AM -0400, Pascal Meunier wrote:
> First, I asked about this on #postgresql, and I realize that this request
> would be a low priority item. Yet, it would be an improvement for security
> reasons.
>
> When creating a function using EXTERNAL SECURITY DEFINER, by default PUBLIC
> has execute privileges on it. That's unexpected given that when I create a
> new table, PUBLIC doesn't have any privileges on it. It's also not a secure
> default.
>
> My request is to allow changing default permissions for function creation, a
> la "umask", or at least not give PUBLIC execute permissions by default. I
> am aware that it is possible to wrap the create function statement with the
> necessary grants/revokes inside a transaction, as a work-around, but it is
> not obvious and makes things unnecessarily inconvenient. This increases the
> chances of beginner and even medium-skill admins to get their security
> wrong.
Hrm... do we have any other objects that default to granting permissions
on creation? ISTM all objects should be created with no permissions.
--
Jim Nasby jim@nasby.net
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)