database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-03 20:02:46 +03:00
Code Activity

Revert MAINTAIN privilege and pg_maintain predefined role.

Browse Source 
This reverts the following commits: 4dbdb82513, c2122aae63,
5b1a879943, 9e1e9d6560, ff9618e82a, 60684dd834, 4441fc704d,
and b5d6382496.  A role with the MAINTAIN privilege may be able to
use search_path tricks to escalate privileges to the table owner.
Unfortunately, it is too late in the v16 development cycle to apply
the proposed fix, i.e., restricting search_path when running
maintenance commands.

Bumps catversion.

Reviewed-by: Jeff Davis
Discussion: https://postgr.es/m/E1q7j7Y-000z1H-Hr%40gemulon.postgresql.org
Backpatch-through: 16
This commit is contained in:
Nathan Bossart
2023-07-07 11:25:13 -07:00
parent ec99d6e9c8
commit 151c22deee
41 changed files with 179 additions and 445 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/backend/commands/tablecmds.c
View File

@ -16978,16 +16978,15 @@ AtEOSubXact_on_commit_actions(bool isCommit, SubTransactionId mySubid,
* This is intended as a callback for RangeVarGetRelidExtended(). It allows
* the relation to be locked only if (1) it's a plain or partitioned table,
* materialized view, or TOAST table and (2) the current user is the owner (or
* the superuser) or has been granted MAINTAIN. This meets the
* permission-checking needs of CLUSTER, REINDEX TABLE, and REFRESH
* MATERIALIZED VIEW; we expose it here so that it can be used by all.
* the superuser). This meets the permission-checking needs of CLUSTER,
* REINDEX TABLE, and REFRESH MATERIALIZED VIEW; we expose it here so that it
* can be used by all.
*/
void
RangeVarCallbackMaintainsTable(const RangeVar *relation,
Oid relId, Oid oldRelId, void *arg)
RangeVarCallbackOwnsTable(const RangeVar *relation,
Oid relId, Oid oldRelId, void *arg)
{
char relkind;
AclResult aclresult;
/* Nothing to do if the relation was not found. */
if (!OidIsValid(relId))
@ -17008,9 +17007,8 @@ RangeVarCallbackMaintainsTable(const RangeVar *relation,
errmsg("\"%s\" is not a table or materialized view", relation->relname)));
/* Check permissions */
aclresult = pg_class_aclcheck(relId, GetUserId(), ACL_MAINTAIN);
if (aclresult != ACLCHECK_OK)
aclcheck_error(aclresult, OBJECT_TABLE, relation->relname);
if (!object_ownercheck(RelationRelationId, relId, GetUserId()))
aclcheck_error(ACLCHECK_NOT_OWNER, get_relkind_objtype(get_rel_relkind(relId)), relation->relname);
}
/*