Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
authorNoah Misch <noah@leadboat.com>
Fri, 10 Sep 2021 06:38:09 +0000 (23:38 -0700)
committerNoah Misch <noah@leadboat.com>
Fri, 10 Sep 2021 06:38:09 +0000 (23:38 -0700)
commitb073c3ccd06e4cb845e121387a43faa8c68a7b62
tree47e7f43d5ced29aab75de1942f2e905bcba86278
parentcba79a163267a44205e391137deb543f4f89bc8b
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.

This switches the default ACL to what the documentation has recommended
since CVE-2018-1058.  Upgrades will carry forward any old ownership and
ACL.  Sites that declined the 2018 recommendation should take a fresh
look.  Recipes for commissioning a new database cluster from scratch may
need to create a schema, grant more privileges, etc.  Out-of-tree test
suites may require such updates.

Reviewed by Peter Eisentraut.

Discussion: https://postgr.es/m/20201031163518.GB4039133@rfd.leadboat.com
13 files changed:
contrib/postgres_fdw/expected/postgres_fdw.out
contrib/postgres_fdw/sql/postgres_fdw.sql
doc/src/sgml/ddl.sgml
doc/src/sgml/user-manag.sgml
src/bin/initdb/initdb.c
src/bin/pg_dump/pg_dump.c
src/bin/pg_dump/t/002_pg_dump.pl
src/include/catalog/catversion.h
src/include/catalog/pg_namespace.dat
src/pl/plperl/expected/plperl_setup.out
src/pl/plperl/sql/plperl_setup.sql
src/test/regress/input/tablespace.source
src/test/regress/output/tablespace.source