Re: Extension pg_trgm, permissions and pg_dump order

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Noah Misch <noah@leadboat.com>, Färber, Franz-Josef (StMUK) <Franz-Josef.Faerber@stmuk.bayern.de>, PostgreSQL mailing lists <pgsql-bugs@lists.postgresql.org>
Date: 2022-05-27T19:32:37Z
Lists: pgsql-bugs, pgsql-general
Robert Haas <robertmhaas@gmail.com> writes:
> On Fri, May 27, 2022 at 2:53 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> From the security perspective it may be just fine.  Nonetheless,
>> we need to un-break pg_dump; it's not optional for that to work.

> That's pretty obvious. What's not obvious - at least to me - is
> whether the kinds of changes that Noah is proposing to make here have
> the effect of putting back the security vulnerability that the
> original commit was intended to fix.

Yeah, that is the problematic part of this.  I'm not sure about that
either, and we'll need to look at it closely.

			regards, tom lane



Commits

  1. CREATE INDEX: use the original userid for more ACL checks.