| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | Jeff Davis <pgsql(at)j-davis(dot)com>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org, Joe Conway <mail(at)joeconway(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: MAINTAIN privilege -- what do we need to un-revert it? |
| Date: | 2024-07-09 06:20:26 |
| Message-ID: | ZozWqg0XCkiPCnop@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Jun 30, 2024 at 03:23:44PM -0700, Noah Misch wrote:
> I've audited NewGUCNestLevel() calls that didn't get this addition. Among
> those, these need the addition:
>
> - Each in ComputeIndexAttrs() -- they arise when the caller is DefineIndex()
> - In DefineIndex(), after comment "changed a behavior-affecting GUC"
Hmm. Is RestrictSearchPath() something that we should advertise more
strongly, thinking here about extensions that call NewGUCNestLevel()?
That would be really easy to miss, and it could have bad consequences.
I know that this is not something that's published in the release
notes, but it looks like something sensible to have, though.
> While "not necessary for security", ExecCreateTableAs() should do it for the
> same reason it calls NewGUCNestLevel().
+1.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ashutosh Bapat | 2024-07-09 06:24:15 | Re: Add memory/disk usage for WindowAgg nodes in EXPLAIN |
| Previous Message | Michael Paquier | 2024-07-09 06:07:24 | Re: XID formatting and SLRU refactorings (was: Add 64-bit XIDs into PostgreSQL 15) |