Re: MAINTAIN privilege -- what do we need to un-revert it?

On Mon, Mar 04, 2024 at 07:52:05PM -0800, Jeff Davis wrote:
> Committed.

Commit 2af07e2 wrote:
> --- a/src/backend/access/brin/brin.c
> +++ b/src/backend/access/brin/brin.c
> @@ -1412,6 +1412,8 @@ brin_summarize_range(PG_FUNCTION_ARGS)
>          SetUserIdAndSecContext(heapRel->rd_rel->relowner,
>                                 save_sec_context | SECURITY_RESTRICTED_OPERATION);
>          save_nestlevel = NewGUCNestLevel();
> +        SetConfigOption("search_path", GUC_SAFE_SEARCH_PATH, PGC_USERSET,
> +                        PGC_S_SESSION);

I've audited NewGUCNestLevel() calls that didn't get this addition.  Among
those, these need the addition:

- Each in ComputeIndexAttrs() -- they arise when the caller is DefineIndex()
- In DefineIndex(), after comment "changed a behavior-affecting GUC"

While "not necessary for security", ExecCreateTableAs() should do it for the
same reason it calls NewGUCNestLevel().