On Tue, Mar 05, 2024 at 10:12:35AM -0600, Nathan Bossart wrote:
> Thanks to Jeff's recent work with commits 2af07e2 and 59825d1, the issue
> that led to the revert of the MAINTAIN privilege and the pg_maintain
> predefined role (commit 151c22d) should now be resolved. Specifically,
> there was a concern that roles with the MAINTAIN privilege could use
> search_path tricks to run arbitrary code as the table owner. Jeff's work
> prevents this by restricting search_path to a known safe value when running
> maintenance commands. (This approach and others were discussed on the
> lists quite extensively, and it was also brought up at the developer
> meeting at FOSDEM [0] earlier this year.)
>
> Given this, I'd like to finally propose un-reverting MAINTAIN and
> pg_maintain. I created a commitfest entry for this [1] a few weeks ago and
> attached it to Jeff's search_path thread, but I figured it would be good to
> create a dedicated thread for this, too. The attached patch is a straight
> revert of commit 151c22d except for the following small changes:
>
> * The catversion bump has been removed for now. The catversion will need
>   to be bumped appropriately if/when this is committed.
>
> * The OID for the pg_maintain predefined role needed to be changed. The
>   original OID has been reused for something else since this feature was
>   reverted.
>
> * The change in AdjustUpgrade.pm needed to be updated to check for
>   "$old_version < 17" instead of "$old_version < 16".

Given all of this code was previously reviewed and committed, I am planning to forge ahead and commit this early next week, provided no objections or additional feedback materialize.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com