From cb5b8904d6a7293dd08f3b10045de182efc9b5dd Mon Sep 17 00:00:00 2001 From: Hari Babu Date: Mon, 9 Jul 2018 15:15:09 +1000 Subject: [PATCH] Revoke pg_stat_statements_reset() permissions Commit 25fff40798 has granted the execute permissions of the pg_stat_statements_reset() function to "pg_read_all_stats" role. As this role is meant to read the stats, but not to reset. So revoke the permissions on reset() function from "pg_read_all_stats". --- contrib/pg_stat_statements/Makefile | 3 ++- contrib/pg_stat_statements/pg_stat_statements--1.5--1.6.sql | 7 +++++++ contrib/pg_stat_statements/pg_stat_statements.control | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 contrib/pg_stat_statements/pg_stat_statements--1.5--1.6.sql diff --git a/contrib/pg_stat_statements/Makefile b/contrib/pg_stat_statements/Makefile index 39b368b70e..b1f9954bd6 100644 --- a/contrib/pg_stat_statements/Makefile +++ b/contrib/pg_stat_statements/Makefile @@ -4,7 +4,8 @@ MODULE_big = pg_stat_statements OBJS = pg_stat_statements.o $(WIN32RES) EXTENSION = pg_stat_statements -DATA = pg_stat_statements--1.4.sql pg_stat_statements--1.4--1.5.sql \ +DATA = pg_stat_statements--1.4.sql pg_stat_statements--1.5--1.6.sql \ + pg_stat_statements--1.4--1.5.sql \ pg_stat_statements--1.3--1.4.sql pg_stat_statements--1.2--1.3.sql \ pg_stat_statements--1.1--1.2.sql pg_stat_statements--1.0--1.1.sql \ pg_stat_statements--unpackaged--1.0.sql diff --git a/contrib/pg_stat_statements/pg_stat_statements--1.5--1.6.sql b/contrib/pg_stat_statements/pg_stat_statements--1.5--1.6.sql new file mode 100644 index 0000000000..1b7e081fe9 --- /dev/null +++ b/contrib/pg_stat_statements/pg_stat_statements--1.5--1.6.sql @@ -0,0 +1,7 @@ +/* contrib/pg_stat_statements/pg_stat_statements--1.5--1.6.sql */ + +-- complain if script is sourced in psql, rather than via ALTER EXTENSION +\echo Use "ALTER EXTENSION pg_stat_statements UPDATE TO '1.6'" to load this file. \quit + +-- Don't want this to be available to non-superusers. +REVOKE EXECUTE ON FUNCTION pg_stat_statements_reset() FROM pg_read_all_stats; diff --git a/contrib/pg_stat_statements/pg_stat_statements.control b/contrib/pg_stat_statements/pg_stat_statements.control index 193fcdfafa..617038b4c0 100644 --- a/contrib/pg_stat_statements/pg_stat_statements.control +++ b/contrib/pg_stat_statements/pg_stat_statements.control @@ -1,5 +1,5 @@ # pg_stat_statements extension comment = 'track execution statistics of all SQL statements executed' -default_version = '1.5' +default_version = '1.6' module_pathname = '$libdir/pg_stat_statements' relocatable = true -- 2.16.1.windows.4