Document search_path security with untrusted dbowner or CREATEROLE.
authorNoah Misch <[email protected]>
Sun, 8 Dec 2019 19:06:26 +0000 (11:06 -0800)
committerNoah Misch <[email protected]>
Sun, 8 Dec 2019 19:06:31 +0000 (11:06 -0800)
commit08395e592cbc540bdf111ab4a27e01a375983e23
treefce95674b36c9a04076e8cf8e78813ddbe3e53fb
parent44381b1aff0e92acc91381c40f1b07514e93a18b
Document search_path security with untrusted dbowner or CREATEROLE.

Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 wrote, incorrectly, that
certain schema usage patterns are secure against CREATEROLE users and
database owners.  When an untrusted user is the database owner or holds
CREATEROLE privilege, a query is secure only if its session started with
SELECT pg_catalog.set_config('search_path', '', false) or equivalent.
Back-patch to 9.4 (all supported versions).

Discussion: https://postgr.es/m/20191013013512[email protected]
doc/src/sgml/ddl.sgml