Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
This switches the default ACL to what the documentation has recommended
since CVE-2018-1058. Upgrades will carry forward any old ownership and
ACL. Sites that declined the 2018 recommendation should take a fresh
look. Recipes for commissioning a new database cluster from scratch may
need to create a schema, grant more privileges, etc. Out-of-tree test
suites may require such updates.
Reviewed by Peter Eisentraut.
Discussion: https://postgr.es/m/20201031163518.GB4039133@rfd.leadboat.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/b073c3ccd06e4cb845e121387a43faa8c68a7b62
Modified Files
--------------
contrib/postgres_fdw/expected/postgres_fdw.out | 2 +-
contrib/postgres_fdw/sql/postgres_fdw.sql | 2 +-
doc/src/sgml/ddl.sgml | 56 ++++++++++++++------------
doc/src/sgml/user-manag.sgml | 19 ++++-----
src/bin/initdb/initdb.c | 3 +-
src/bin/pg_dump/pg_dump.c | 28 ++++++++-----
src/bin/pg_dump/t/002_pg_dump.pl | 19 ++++-----
src/include/catalog/catversion.h | 2 +-
src/include/catalog/pg_namespace.dat | 2 +-
src/pl/plperl/expected/plperl_setup.out | 4 ++
src/pl/plperl/sql/plperl_setup.sql | 4 ++
src/test/regress/input/tablespace.source | 5 ++-
src/test/regress/output/tablespace.source | 4 +-
13 files changed, 86 insertions(+), 64 deletions(-)