Quick Links

Re: pgsql: Fix search_path to a safe value during maintenance operations.

From:	Jeff Davis <pgsql(at)j-davis(dot)com>
To:	"David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
Cc:	Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Davis <jdavis(at)postgresql(dot)org>, "pgsql-committers(at)lists(dot)postgresql(dot)org" <pgsql-committers(at)lists(dot)postgresql(dot)org>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
Subject:	Re: pgsql: Fix search_path to a safe value during maintenance operations.
Date:	2023-06-13 20:55:13
Message-ID:	f0228b6529eb2fcdaff639e0a37f0598f5c00d4a.camel@j-davis.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers pgsql-hackers

On Tue, 2023-06-13 at 13:22 -0700, David G. Johnston wrote:
> This is the specific (first?) message I am recalling.
>
> https://www.postgresql.org/message-id/A737B7A37273E048B164557ADEF4A58B53803F5A%40ntex2010i.host.magwien.gv.at

The most objection seems to be expressed most succinctly in this
message:

https://www.postgresql.org/message-id/16134.1456767564%40sss.pgh.pa.us

"if we allow non-owners to run ANALYZE, they'd be able to mess things
up by setting the stats target either much lower or much higher than
the table owner expected"

I have trouble seeing much of a problem here if there is an explicit
MAINTAIN privilege. If you grant someone MAINTAIN to someone, it's not
surprising that you need to coordinate maintenance-related settings
with that user; and if you don't, then it's not surprising that the
statistics could get messed up.

Perhaps the objections in that thread were because the proposal
involved inferring the privilege to ANALYZE from other privileges,
rather than having an explicit MAINTAIN privilege?

Regards,
Jeff Davis

In response to

Re: pgsql: Fix search_path to a safe value during maintenance operations. at 2023-06-13 20:22:01 from David G. Johnston

Responses

Re: pgsql: Fix search_path to a safe value during maintenance operations. at 2023-06-13 21:00:32 from David G. Johnston
Re: pgsql: Fix search_path to a safe value during maintenance operations. at 2023-06-13 21:18:01 from Tom Lane

Browse pgsql-committers by date

	From	Date	Subject
Next Message	David G. Johnston	2023-06-13 21:00:32	Re: pgsql: Fix search_path to a safe value during maintenance operations.
Previous Message	Tom Lane	2023-06-13 20:23:24	Re: pgsql: Fix search_path to a safe value during maintenance operations.

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	David G. Johnston	2023-06-13 21:00:32	Re: pgsql: Fix search_path to a safe value during maintenance operations.
Previous Message	Tristan Partin	2023-06-13 20:47:08	Re: Meson build updates