un-revert the MAINTAIN privilege and the pg_maintain predefined role
От | Nathan Bossart |
---|---|
Тема | un-revert the MAINTAIN privilege and the pg_maintain predefined role |
Дата | |
Msg-id | 20240305161235.GA3478007@nathanxps13 обсуждение исходный текст |
Ответы |
Re: un-revert the MAINTAIN privilege and the pg_maintain predefined role
|
Список | pgsql-hackers |
Thanks to Jeff's recent work with commits 2af07e2 and 59825d1, the issue that led to the revert of the MAINTAIN privilege and the pg_maintain predefined role (commit 151c22d) should now be resolved. Specifically, there was a concern that roles with the MAINTAIN privilege could use search_path tricks to run arbitrary code as the table owner. Jeff's work prevents this by restricting search_path to a known safe value when running maintenance commands. (This approach and others were discussed on the lists quite extensively, and it was also brought up at the developer meeting at FOSDEM [0] earlier this year.) Given this, I'd like to finally propose un-reverting MAINTAIN and pg_maintain. I created a commitfest entry for this [1] a few weeks ago and attached it to Jeff's search_path thread, but I figured it would be good to create a dedicated thread for this, too. The attached patch is a straight revert of commit 151c22d except for the following small changes: * The catversion bump has been removed for now. The catversion will need to be bumped appropriately if/when this is committed. * The OID for the pg_maintain predefined role needed to be changed. The original OID has been reused for something else since this feature was reverted. * The change in AdjustUpgrade.pm needed to be updated to check for "$old_version < 17" instead of "$old_version < 16". Thoughts? [0] https://wiki.postgresql.org/wiki/FOSDEM/PGDay_2024_Developer_Meeting#The_Path_to_un-reverting_the_MAINTAIN_privilege [1] https://commitfest.postgresql.org/47/4836/ -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
Вложения
В списке pgsql-hackers по дате отправления: