Re: MAINTAIN privilege -- what do we need to un-revert it?

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Noah Misch <noah(at)leadboat(dot)com>
Cc: Jeff Davis <pgsql(at)j-davis(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org, Joe Conway <mail(at)joeconway(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>
Subject: Re: MAINTAIN privilege -- what do we need to un-revert it?
Date: 2024-07-09 06:20:26
Message-ID: ZozWqg0XCkiPCnop@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sun, Jun 30, 2024 at 03:23:44PM -0700, Noah Misch wrote:
> I've audited NewGUCNestLevel() calls that didn't get this addition. Among
> those, these need the addition:
>
> - Each in ComputeIndexAttrs() -- they arise when the caller is DefineIndex()
> - In DefineIndex(), after comment "changed a behavior-affecting GUC"

Hmm. Is RestrictSearchPath() something that we should advertise more
strongly, thinking here about extensions that call NewGUCNestLevel()?
That would be really easy to miss, and it could have bad consequences.
I know that this is not something that's published in the release
notes, but it looks like something sensible to have, though.

> While "not necessary for security", ExecCreateTableAs() should do it for the
> same reason it calls NewGUCNestLevel().

+1.
--
Michael

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Ashutosh Bapat 2024-07-09 06:24:15 Re: Add memory/disk usage for WindowAgg nodes in EXPLAIN
Previous Message Michael Paquier 2024-07-09 06:07:24 Re: XID formatting and SLRU refactorings (was: Add 64-bit XIDs into PostgreSQL 15)