Re: pgsql: Fix search_path to a safe value during maintenance operations.
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Noah Misch <noah@leadboat.com>
Cc: Jeff Davis <pgsql@j-davis.com>, pgsql-committers@lists.postgresql.org
Date: 2023-06-13T20:23:24Z
Lists: pgsql-hackers
Noah Misch <noah@leadboat.com> writes: > Best argument for shipping without $SUBJECT: we already have REFERENCES and > TRIGGER privilege that tend to let the grantee hijack the table owner's > account. Adding MAINTAIN to the list, while sad, is defensible. I still > prefer to ship with $SUBJECT, not without. What I'm concerned about is making such a fundamental semantics change post-beta1. It'll basically invalidate any application compatibility testing anybody might have done against beta1. I think this ship has sailed as far as v16 is concerned, although we could reconsider it in v17. Also, I fail to see any connection to the MAINTAIN privilege: the committed-and-reverted patch would break things whether the user was making any use of that privilege or not. Thus, I do not accept the idea that we're fixing something that's new in 16. regards, tom lane
Commits
-
Fix search_path to a safe value during maintenance operations.
- 2af07e2f749a 17.0 landed
- 05e173735171 16.0 cited
-
Revert MAINTAIN privilege and pg_maintain predefined role.
- 957445996fda 16.0 landed
- 151c22deee66 17.0 landed
-
Add grantable MAINTAIN privilege and pg_maintain role.
- 60684dd834a2 16.0 cited
-
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
- b073c3ccd06e 15.0 cited