From a392c98b5ce6a2da2c475380c72bcef6f1520784 Mon Sep 17 00:00:00 2001 From: Ibrar Ahmed Date: Tue, 15 Nov 2022 17:45:42 +0000 Subject: [PATCH] PG-518: Drop the internal function permission from PUBLIC. It will be a security problem to provide the internal function access to PUBLIC. This commit will revoke all permission of internal functions from PUBLIC. --- pg_stat_monitor--1.0--2.0.sql | 5 +++++ pg_stat_monitor--1.0.sql | 7 +++++++ pg_stat_monitor--2.0.sql | 5 +++++ 3 files changed, 17 insertions(+) diff --git a/pg_stat_monitor--1.0--2.0.sql b/pg_stat_monitor--1.0--2.0.sql index 18d28b1..dbfc8bb 100644 --- a/pg_stat_monitor--1.0--2.0.sql +++ b/pg_stat_monitor--1.0--2.0.sql @@ -271,6 +271,11 @@ $$ $$ LANGUAGE plpgsql; SELECT pgsm_create_view(); +REVOKE ALL ON FUNCTION range FROM PUBLIC; +REVOKE ALL ON FUNCTION get_cmd_type FROM PUBLIC; +REVOKE ALL ON FUNCTION pg_stat_monitor_settings FROM PUBLIC; +REVOKE ALL ON FUNCTION decode_error_level FROM PUBLIC; +REVOKE ALL ON FUNCTION pg_stat_monitor_internal FROM PUBLIC; GRANT SELECT ON pg_stat_monitor TO PUBLIC; diff --git a/pg_stat_monitor--1.0.sql b/pg_stat_monitor--1.0.sql index 1e4e0f9..0321479 100644 --- a/pg_stat_monitor--1.0.sql +++ b/pg_stat_monitor--1.0.sql @@ -387,5 +387,12 @@ $$ LANGUAGE plpgsql; SELECT pgsm_create_view(); +REVOKE ALL ON FUNCTION range FROM PUBLIC; +REVOKE ALL ON FUNCTION get_state FROM PUBLIC; +REVOKE ALL ON FUNCTION get_cmd_type FROM PUBLIC; +REVOKE ALL ON FUNCTION pg_stat_monitor_settings FROM PUBLIC; +REVOKE ALL ON FUNCTION decode_error_level FROM PUBLIC; +REVOKE ALL ON FUNCTION pg_stat_monitor_internal FROM PUBLIC; + GRANT SELECT ON pg_stat_monitor TO PUBLIC; diff --git a/pg_stat_monitor--2.0.sql b/pg_stat_monitor--2.0.sql index b2eb83a..339469a 100644 --- a/pg_stat_monitor--2.0.sql +++ b/pg_stat_monitor--2.0.sql @@ -366,6 +366,11 @@ $$ $$ LANGUAGE plpgsql; SELECT pgsm_create_view(); +REVOKE ALL ON FUNCTION range FROM PUBLIC; +REVOKE ALL ON FUNCTION get_cmd_type FROM PUBLIC; +REVOKE ALL ON FUNCTION pg_stat_monitor_settings FROM PUBLIC; +REVOKE ALL ON FUNCTION decode_error_level FROM PUBLIC; +REVOKE ALL ON FUNCTION pg_stat_monitor_internal FROM PUBLIC; GRANT SELECT ON pg_stat_monitor TO PUBLIC;