Re: [EXT]: Re: BUG #18604: Regression in PostgreSQL 16.4: pg_dump Prevents Essential System Table Modifications
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Christophe Pettus <xof@thebuild.com>
Cc: Basha <Basha@maxcontact.com>,
PostgreSQL Bug List <pgsql-bugs@lists.postgresql.org>
Date: 2024-09-07T00:24:59Z
Lists: pgsql-bugs
Christophe Pettus <xof@thebuild.com> writes: > You've really stepped outside what is considered supported behavior here. That it worked at all was more accidental than a documented and supported feature. Shadowing system catalogs with views *is* going to break things, and that `allow_system_table_mods` has that potential is documented. I'm sure this is frustrating, but it's extremely unlikely that this will be considered a regression worth undoing a security fix for. Indeed. You might look into enforcing the restriction you want by attaching an RLS policy to pg_database, instead of this hack. Mind you, we are unlikely to consider that supported either if push comes to shove. But it would at least dodge your immediate problem. (I'll just note that this implementation is full of holes anyway: you didn't mark the view as a security_barrier view, and that treatment of tableoid is hardly transparent. And I do hope that your real recipe includes revoking public read access on pg_database_catalog.) regards, tom lane