projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ec99d6e) | patch
Revert MAINTAIN privilege and pg_maintain predefined role.
authorNathan Bossart <nathan@postgresql.org>
Fri, 7 Jul 2023 18:25:13 +0000 (11:25 -0700)
committerNathan Bossart <nathan@postgresql.org>
Fri, 7 Jul 2023 18:25:13 +0000 (11:25 -0700)
commit151c22deee66a3390ca9a1c3675e29de54ae73fc
treee53584f9b07a0417e0f46d89aaba08d24b591a06tree
parentec99d6e9c87a8ff0f4805cc0c6c12cbb89c48e06commit | diff
Revert MAINTAIN privilege and pg_maintain predefined role.

This reverts the following commits: 4dbdb82513c2122aae63,
5b1a8799439e1e9d6560ff9618e82a60684dd8344441fc704d,
and b5d6382496.  A role with the MAINTAIN privilege may be able to
use search_path tricks to escalate privileges to the table owner.
Unfortunately, it is too late in the v16 development cycle to apply
the proposed fix, i.e., restricting search_path when running
maintenance commands.

Bumps catversion.

Reviewed-by: Jeff Davis
Discussion: https://postgr.es/m/E1q7j7Y-000z1H-Hr%40gemulon.postgresql.org
Backpatch-through: 16
41 files changed:
doc/src/sgml/ddl.sgml diff | blob | blame | history
doc/src/sgml/func.sgml diff | blob | blame | history
doc/src/sgml/ref/alter_default_privileges.sgml diff | blob | blame | history
doc/src/sgml/ref/analyze.sgml diff | blob | blame | history
doc/src/sgml/ref/cluster.sgml diff | blob | blame | history
doc/src/sgml/ref/grant.sgml diff | blob | blame | history
doc/src/sgml/ref/lock.sgml diff | blob | blame | history
doc/src/sgml/ref/refresh_materialized_view.sgml diff | blob | blame | history
doc/src/sgml/ref/reindex.sgml diff | blob | blame | history
doc/src/sgml/ref/revoke.sgml diff | blob | blame | history
doc/src/sgml/ref/vacuum.sgml diff | blob | blame | history
doc/src/sgml/user-manag.sgml diff | blob | blame | history
src/backend/catalog/aclchk.c diff | blob | blame | history
src/backend/commands/analyze.c diff | blob | blame | history
src/backend/commands/cluster.c diff | blob | blame | history
src/backend/commands/indexcmds.c diff | blob | blame | history
src/backend/commands/lockcmds.c diff | blob | blame | history
src/backend/commands/matview.c diff | blob | blame | history
src/backend/commands/tablecmds.c diff | blob | blame | history
src/backend/commands/vacuum.c diff | blob | blame | history
src/backend/utils/adt/acl.c diff | blob | blame | history
src/bin/pg_dump/dumputils.c diff | blob | blame | history
src/bin/pg_dump/t/002_pg_dump.pl diff | blob | blame | history
src/bin/psql/tab-complete.c diff | blob | blame | history
src/include/catalog/catversion.h diff | blob | blame | history
src/include/catalog/pg_authid.dat diff | blob | blame | history
src/include/commands/tablecmds.h diff | blob | blame | history
src/include/commands/vacuum.h diff | blob | blame | history
src/include/nodes/parsenodes.h diff | blob | blame | history
src/include/utils/acl.h diff | blob | blame | history
src/test/isolation/expected/cluster-conflict-partition.out diff | blob | blame | history
src/test/isolation/specs/cluster-conflict-partition.spec diff | blob | blame | history
src/test/perl/PostgreSQL/Test/AdjustUpgrade.pm diff | blob | blame | history
src/test/regress/expected/cluster.out diff | blob | blame | history
src/test/regress/expected/create_index.out diff | blob | blame | history
src/test/regress/expected/dependency.out diff | blob | blame | history
src/test/regress/expected/privileges.out diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/cluster.sql diff | blob | blame | history
src/test/regress/sql/dependency.sql diff | blob | blame | history
src/test/regress/sql/privileges.sql diff | blob | blame | history
This is the main PostgreSQL git repository.