author | Nathan Bossart <nathan@postgresql.org> | 2023-07-07 11:25:13 -0700 |
---|---|---|
committer | Nathan Bossart <nathan@postgresql.org> | 2023-07-07 11:25:13 -0700 |
commit | 151c22deee66a3390ca9a1c3675e29de54ae73fc (patch) | |
tree | e53584f9b07a0417e0f46d89aaba08d24b591a06 /src/backend/utils/adt/acl.c | |
parent | ec99d6e9c87a8ff0f4805cc0c6c12cbb89c48e06 (diff) | |
Revert MAINTAIN privilege and pg_maintain predefined role.
This reverts the following commits: 4dbdb82513, c2122aae63,
5b1a879943, 9e1e9d6560, ff9618e82a, 60684dd834, 4441fc704d,
and b5d6382496. A role with the MAINTAIN privilege may be able to
use search_path tricks to escalate privileges to the table owner.
Unfortunately, it is too late in the v16 development cycle to apply
the proposed fix, i.e., restricting search_path when running
maintenance commands.
Bumps catversion.
Reviewed-by: Jeff Davis
Discussion: https://postgr.es/m/E1q7j7Y-000z1H-Hr%40gemulon.postgresql.org
Backpatch-through: 16
Diffstat (limited to 'src/backend/utils/adt/acl.c')
-rw-r--r-- | src/backend/utils/adt/acl.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index c660fd3e701..883e09393a4 100644
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -332,9 +332,6 @@ aclparse(const char *s, AclItem *aip, Node *escontext)
 case ACL_ALTER_SYSTEM_CHR:
 read = ACL_ALTER_SYSTEM;
 break;
- case ACL_MAINTAIN_CHR:
- read = ACL_MAINTAIN;
- break;
 case 'R': /* ignore old RULE privileges */
 read = 0;
 break;
@@ -1626,7 +1623,6 @@ makeaclitem(PG_FUNCTION_ARGS)
 {"CONNECT", ACL_CONNECT},
 {"SET", ACL_SET},
 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
- {"MAINTAIN", ACL_MAINTAIN},
 {"RULE", 0}, /* ignore old RULE privileges */
 {NULL, 0}
 };
@@ -1735,8 +1731,6 @@ convert_aclright_to_string(int aclright)
 return "SET";
 case ACL_ALTER_SYSTEM:
 return "ALTER SYSTEM";
- case ACL_MAINTAIN:
- return "MAINTAIN";
 default:
 elog(ERROR, "unrecognized aclright: %d", aclright);
 return NULL;
@@ -2046,8 +2040,6 @@ convert_table_priv_string(text *priv_type_text)
 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
 {"TRIGGER", ACL_TRIGGER},
 {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
- {"MAINTAIN", ACL_MAINTAIN},
- {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)},
 {"RULE", 0}, /* ignore old RULE privileges */
 {"RULE WITH GRANT OPTION", 0},
 {NULL, 0} |