Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNathan Bossart2023-07-07 18:25:13 +0000
committerNathan Bossart2023-07-07 18:25:13 +0000
commit151c22deee66a3390ca9a1c3675e29de54ae73fc (patch)
treee53584f9b07a0417e0f46d89aaba08d24b591a06 /src/backend/commands/matview.c
parentec99d6e9c87a8ff0f4805cc0c6c12cbb89c48e06 (diff)
Revert MAINTAIN privilege and pg_maintain predefined role.
This reverts the following commits: 4dbdb82513, c2122aae63, 5b1a879943, 9e1e9d6560, ff9618e82a, 60684dd834, 4441fc704d, and b5d6382496. A role with the MAINTAIN privilege may be able to use search_path tricks to escalate privileges to the table owner. Unfortunately, it is too late in the v16 development cycle to apply the proposed fix, i.e., restricting search_path when running maintenance commands. Bumps catversion. Reviewed-by: Jeff Davis Discussion: https://postgr.es/m/E1q7j7Y-000z1H-Hr%40gemulon.postgresql.org Backpatch-through: 16
Diffstat (limited to 'src/backend/commands/matview.c')
-rw-r--r--src/backend/commands/matview.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/src/backend/commands/matview.c b/src/backend/commands/matview.c
index f9a3bdfc3ab..ac2e74fa3fb 100644
--- a/src/backend/commands/matview.c
+++ b/src/backend/commands/matview.c
@@ -165,8 +165,7 @@ ExecRefreshMatView(RefreshMatViewStmt *stmt, const char *queryString,
*/
matviewOid = RangeVarGetRelidExtended(stmt->relation,
lockmode, 0,
- RangeVarCallbackMaintainsTable,
- NULL);
+ RangeVarCallbackOwnsTable, NULL);
matviewRel = table_open(matviewOid, NoLock);
relowner = matviewRel->rd_rel->relowner;