Re: Fix search_path for all maintenance commands - Mailing list pgsql-hackers

From Jeff Davis
Subject Re: Fix search_path for all maintenance commands
Date
Msg-id dfdd53fcf4be43777c81bf66ef725e28b3169ce1.camel@j-davis.com
In response to Re: Fix search_path for all maintenance commands  (Jeff Davis <pgsql@j-davis.com>)
Responses Re: Fix search_path for all maintenance commands
Re: Fix search_path for all maintenance commands
List pgsql-hackers
On Fri, 2023-07-21 at 15:32 -0700, Jeff Davis wrote:
> Attached is a new version.

Do we still want to do this?

Right now, the MAINTAIN privilege is blocking on some way to prevent
malicious users from abusing the MAINTAIN privilege and search_path to
acquire the table owner's privileges.

The approach of locking down search_path during maintenance commands
would solve the problem, but it means that we are enforcing search_path
in some contexts and not others. That's not great, but it's similar to
what we are doing when we ignore SECURITY INVOKER and run the function
as the table owner during a maintenance command, or (by default) for
subscriptions.

My attempts to more generally try to lock down search_path for
functions attached to tables didn't seem to get much consensus, so if
we do make an exception to lock down search_path for maintenance
commands only, it would stay an exception for the foreseeable future.

Thoughts?

Regards,
    Jeff Davis
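
An audit query for the exposure discussed in the message above, as an added example that is not part of the original e-mail or of the proposed patch: it lists user-defined functions that indexes depend on (through index expressions or partial-index predicates) and that have no function-level search_path setting, so name resolution inside them follows whatever search_path is in effect when a maintenance command runs them. It assumes only the standard system catalogs and does not cover functions reached indirectly through operators.

```sql
-- Added example: find index-attached functions with no pinned search_path.
-- Run in each database; the catalogs used here are readable by any role.
SELECT i.indrelid::regclass        AS table_name,
       i.indexrelid::regclass      AS index_name,
       p.oid::regprocedure         AS function_signature,
       pg_get_userbyid(p.proowner) AS function_owner,
       pg_get_userbyid(c.relowner) AS table_owner
FROM pg_index i
JOIN pg_class c
  ON c.oid = i.indrelid
-- Index expressions and predicates record their function dependencies
-- against the index relation itself.
JOIN pg_depend d
  ON d.classid    = 'pg_class'::regclass
 AND d.objid      = i.indexrelid
 AND d.refclassid = 'pg_proc'::regclass
JOIN pg_proc p
  ON p.oid = d.refobjid
JOIN pg_namespace n
  ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  -- proconfig holds per-function settings as 'name=value' strings;
  -- keep only functions without a search_path entry.
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
        WHERE split_part(cfg, '=', 1) = 'search_path'
      )
ORDER BY table_name, index_name, function_signature;
```

Functions reported here can be pinned independently of any change to the maintenance commands with ALTER FUNCTION ... SET search_path = ..., after confirming that every object the function body references is schema-qualified or resolvable under the chosen path.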



