Re: minor feature request: Secure defaults during function creation

On Thu, Sep 14, 2006 at 10:24:43AM -0400, Pascal Meunier wrote:
> First, I asked about this on #postgresql, and I realize that this request
> would be a low priority item.  Yet, it would be an improvement for security
> reasons.
> 
> When creating a function using EXTERNAL SECURITY DEFINER, by default PUBLIC
> has execute privileges on it.  That's unexpected given that when I create a
> new table, PUBLIC doesn't have any privileges on it.  It's also not a secure
> default.
> 
> My request is to allow changing default permissions for function creation, a
> la "umask", or at least not give PUBLIC execute permissions by default.  I
> am aware that it is possible to wrap the create function statement with the
> necessary grants/revokes inside a transaction, as a work-around, but it is
> not obvious and makes things unnecessarily inconvenient.  This increases the
> chances of beginner and even medium-skill admins to get their security
> wrong.

Hrm... do we have any other objects that default to granting permissions
on creation? ISTM all objects should be created with no permissions.
-- 
Jim Nasby                                            jim@nasby.net
EnterpriseDB      http://enterprisedb.com      512.569.9461 (cell)