Quick Links

Re: pgsql: Fix search_path to a safe value during maintenance operations.

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Jeff Davis <pgsql(at)j-davis(dot)com>
Cc:	"David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Jeff Davis <jdavis(at)postgresql(dot)org>, "pgsql-committers(at)lists(dot)postgresql(dot)org" <pgsql-committers(at)lists(dot)postgresql(dot)org>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
Subject:	Re: pgsql: Fix search_path to a safe value during maintenance operations.
Date:	2023-06-13 21:18:01
Message-ID:	1805937.1686691081@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers pgsql-hackers

Jeff Davis <pgsql(at)j-davis(dot)com> writes:
> The most objection seems to be expressed most succinctly in this
> message:
> https://www.postgresql.org/message-id/16134.1456767564%40sss.pgh.pa.us
> "if we allow non-owners to run ANALYZE, they'd be able to mess things
> up by setting the stats target either much lower or much higher than
> the table owner expected"

> I have trouble seeing much of a problem here if there is an explicit
> MAINTAIN privilege. If you grant someone MAINTAIN to someone, it's not
> surprising that you need to coordinate maintenance-related settings
> with that user; and if you don't, then it's not surprising that the
> statistics could get messed up.

I agree that granting MAINTAIN implies that you trust the grantee
not to mess up your stats.

> Perhaps the objections in that thread were because the proposal
> involved inferring the privilege to ANALYZE from other privileges,
> rather than having an explicit MAINTAIN privilege?

Exactly.

regards, tom lane

In response to

Re: pgsql: Fix search_path to a safe value during maintenance operations. at 2023-06-13 20:55:13 from Jeff Davis

Browse pgsql-committers by date

	From	Date	Subject
Next Message	Tom Lane	2023-06-13 22:01:44	pgsql: Fix "wrong varnullingrels" for Memoize's lateral references, too
Previous Message	David G. Johnston	2023-06-13 21:00:32	Re: pgsql: Fix search_path to a safe value during maintenance operations.

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Masahiko Sawada	2023-06-13 21:33:18	Fix a typo in md.c
Previous Message	Nathan Bossart	2023-06-13 21:12:46	Re: allow granting CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX