From b073c3ccd06e4cb845e121387a43faa8c68a7b62 Mon Sep 17 00:00:00 2001
From: Noah Misch
Date: Thu, 9 Sep 2021 23:38:09 -0700
Subject: Revoke PUBLIC CREATE from public schema, now owned by
 pg_database_owner.

This switches the default ACL to what the documentation has recommended
since CVE-2018-1058.  Upgrades will carry forward any old ownership and
ACL.  Sites that declined the 2018 recommendation should take a fresh
look.  Recipes for commissioning a new database cluster from scratch may
need to create a schema, grant more privileges, etc.  Out-of-tree test
suites may require such updates.

Reviewed by Peter Eisentraut.

Discussion: https://postgr.es/m/20201031163518.GB4039133@rfd.leadboat.com
---
 src/include/catalog/catversion.h     | 2 +-
 src/include/catalog/pg_namespace.dat | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/include')

diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index fb35d3d5be4..3253b8751b1 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -53,6 +53,6 @@
  */
 
 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	202109061
+#define CATALOG_VERSION_NO	202109101
 
 #endif
diff --git a/src/include/catalog/pg_namespace.dat b/src/include/catalog/pg_namespace.dat
index 33992afd500..9a239754d69 100644
--- a/src/include/catalog/pg_namespace.dat
+++ b/src/include/catalog/pg_namespace.dat
@@ -21,6 +21,6 @@
 # update dumpNamespace() if changing this descr
 { oid => '2200', oid_symbol => 'PG_PUBLIC_NAMESPACE',
   descr => 'standard public schema',
-  nspname => 'public', nspacl => '_null_' },
+  nspname => 'public', nspowner => 'pg_database_owner', nspacl => '_null_' },
 
 ]
-- 
cgit v1.2.3