Okay, the cause of the permissions regression failure is this:
Larry is running the regression tests as a superuser, but not as the
original postgres superuser. This means that when the privileges
regression test does
REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC;
nothing happens, because the revoke is implicitly assumed to mean
"revoke whatever privileges I granted", and Larry's superuser hasn't
granted any. The public privileges on language SQL were granted by
user postgres, and they remain in force. So the later CREATE FUNCTION
that the test expects to fail, succeeds.
Is this a bug, or is it correct-per-spec behavior? It's surely likely
to confuse people. I wonder whether superusers shouldn't be allowed to
revoke privileges granted by other people. As the code stands, they
cannot.
If it isn't a bug, I think we'll have to document that the privileges
regression test fails when you run it as a non-original superuser. Ugh.
I've also found some corner-case bugs in ACL manipulation that arise
from the fact that Peter changed the code to allow zero-length ACL
arrays; seems he missed one or two consequences of that change. Will
fix these, but it doesn't affect the main issue.
regards, tom lane
