Revert MAINTAIN privilege and pg_maintain predefined role.

This reverts the following commits: 4dbdb82513, c2122aae63, 5b1a879943, 9e1e9d6560, ff9618e82a, 60684dd834, 4441fc704d, and b5d6382496. A role with the MAINTAIN privilege may be able to use search_path tricks to escalate privileges to the table owner. Unfortunately, it is too late in the v16 development cycle to apply the proposed fix, i.e., restricting search_path when running maintenance commands. Bumps catversion. Reviewed-by: Jeff Davis Discussion: https://postgr.es/m/E1q7j7Y-000z1H-Hr%40gemulon.postgresql.org Backpatch-through: 16
author: Nathan Bossart 2023-07-07 18:25:13 +0000
committer: Nathan Bossart 2023-07-07 18:25:13 +0000
commit: 151c22deee66a3390ca9a1c3675e29de54ae73fc (patch)
tree: e53584f9b07a0417e0f46d89aaba08d24b591a06 /src/backend/commands/matview.c
parent: ec99d6e9c87a8ff0f4805cc0c6c12cbb89c48e06 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/src/backend/commands/matview.c b/src/backend/commands/matview.c
index f9a3bdfc3ab..ac2e74fa3fb 100644
--- a/src/backend/commands/matview.c
+++ b/src/backend/commands/matview.c
@@ -165,8 +165,7 @@ ExecRefreshMatView(RefreshMatViewStmt *stmt, const char *queryString,
 	 */
 	matviewOid = RangeVarGetRelidExtended(stmt->relation,
 										  lockmode, 0,
-										  RangeVarCallbackMaintainsTable,
-										  NULL);
+										  RangeVarCallbackOwnsTable, NULL);
 	matviewRel = table_open(matviewOid, NoLock);
 	relowner = matviewRel->rd_rel->relowner;
author	Nathan Bossart	2023-07-07 18:25:13 +0000
committer	Nathan Bossart	2023-07-07 18:25:13 +0000
commit	151c22deee66a3390ca9a1c3675e29de54ae73fc (patch)
tree	e53584f9b07a0417e0f46d89aaba08d24b591a06 /src/backend/commands/matview.c
parent	ec99d6e9c87a8ff0f4805cc0c6c12cbb89c48e06 (diff)