diff options
| author | Nathan Bossart <nathan@postgresql.org> | 2023-07-07 11:25:23 -0700 |
|---|---|---|
| committer | Nathan Bossart <nathan@postgresql.org> | 2023-07-07 11:25:23 -0700 |
| commit | 957445996fda2d6939a8748f2a19c10b15941c5e (patch) | |
| tree | 21d4de4335a369465a02bee0dc4b3d95225eeac2 /src/include/nodes/parsenodes.h | |
| parent | 1124cb2cf2ebc1b0adb9c5289e53ffe094ce3206 (diff) | |
Revert MAINTAIN privilege and pg_maintain predefined role.
This reverts the following commits: 4dbdb82513, c2122aae63,
5b1a879943, 9e1e9d6560, ff9618e82a, 60684dd834, 4441fc704d,
and b5d6382496. A role with the MAINTAIN privilege may be able to
use search_path tricks to escalate privileges to the table owner.
Unfortunately, it is too late in the v16 development cycle to apply
the proposed fix, i.e., restricting search_path when running
maintenance commands.
Bumps catversion.
Reviewed-by: Jeff Davis
Discussion: https://postgr.es/m/E1q7j7Y-000z1H-Hr%40gemulon.postgresql.org
Backpatch-through: 16
Diffstat (limited to 'src/include/nodes/parsenodes.h')
| -rw-r--r-- | src/include/nodes/parsenodes.h | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h index b3bec90e526..9dca3b65287 100644 --- a/src/include/nodes/parsenodes.h +++ b/src/include/nodes/parsenodes.h @@ -94,8 +94,7 @@ typedef uint64 AclMode; /* a bitmask of privilege bits */ #define ACL_CONNECT (1<<11) /* for databases */ #define ACL_SET (1<<12) /* for configuration parameters */ #define ACL_ALTER_SYSTEM (1<<13) /* for configuration parameters */ -#define ACL_MAINTAIN (1<<14) /* for relations */ -#define N_ACL_RIGHTS 15 /* 1 plus the last 1<<x */ +#define N_ACL_RIGHTS 14 /* 1 plus the last 1<<x */ #define ACL_NO_RIGHTS 0 /* Currently, SELECT ... FOR [KEY] UPDATE/SHARE requires UPDATE privileges */ #define ACL_SELECT_FOR_UPDATE ACL_UPDATE |