diff options
| author | Nathan Bossart <nathan@postgresql.org> | 2023-07-07 11:25:13 -0700 |
|---|---|---|
| committer | Nathan Bossart <nathan@postgresql.org> | 2023-07-07 11:25:13 -0700 |
| commit | 151c22deee66a3390ca9a1c3675e29de54ae73fc (patch) | |
| tree | e53584f9b07a0417e0f46d89aaba08d24b591a06 /src/backend/commands/lockcmds.c | |
| parent | ec99d6e9c87a8ff0f4805cc0c6c12cbb89c48e06 (diff) | |
| download | postgresql-151c22deee66a3390ca9a1c3675e29de54ae73fc.tar.gz postgresql-151c22deee66a3390ca9a1c3675e29de54ae73fc.zip | |
Revert MAINTAIN privilege and pg_maintain predefined role.
This reverts the following commits: 4dbdb82513, c2122aae63,
5b1a879943, 9e1e9d6560, ff9618e82a, 60684dd834, 4441fc704d,
and b5d6382496. A role with the MAINTAIN privilege may be able to
use search_path tricks to escalate privileges to the table owner.
Unfortunately, it is too late in the v16 development cycle to apply
the proposed fix, i.e., restricting search_path when running
maintenance commands.
Bumps catversion.
Reviewed-by: Jeff Davis
Discussion: https://postgr.es/m/E1q7j7Y-000z1H-Hr%40gemulon.postgresql.org
Backpatch-through: 16
Diffstat (limited to 'src/backend/commands/lockcmds.c')
| -rw-r--r-- | src/backend/commands/lockcmds.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/commands/lockcmds.c b/src/backend/commands/lockcmds.c index 92662cbbc87..40ef4ede26f 100644 --- a/src/backend/commands/lockcmds.c +++ b/src/backend/commands/lockcmds.c @@ -284,7 +284,7 @@ LockTableAclCheck(Oid reloid, LOCKMODE lockmode, Oid userid) AclMode aclmask; /* any of these privileges permit any lock mode */ - aclmask = ACL_MAINTAIN | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE; + aclmask = ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE; /* SELECT privileges also permit ACCESS SHARE and below */ if (lockmode <= AccessShareLock) |