On 8/5/18, 4:12 PM, "Michael Paquier" <mich...@paquier.xyz> wrote:
> Attached is a set of patches I proposed on the original thread, which
> skips shared catalogs if the user running REINDEX is not an owner of
> it. This is a behavior change, and as I have a hard time believing that
> anybody can take advantage of the current situation, I would like also
> to see this stuff back-patched, as anybody doing shared hosting of
> Postgres is most likely fixing the hole one way or another. However, I
> am sure as well that many folks here would not like that.
>
> This thread is here to gather opinions and to help reach a consensus,
> as I would like to do something at least on HEAD for future releases.

+1 for fixing this on master. Upon reading the versioning policy,
which states that "minor releases fix only frequently-encountered,
security, and data corruption bugs..." [0], I gather that
back-patching such permissions changes might not be possible unless it
is treated as a security issue. While I would love to see this fixed
for older versions, I don't anticipate much support for back-patching.
Kyotaro Horiguchi and Robert Haas have already voted against it in the
previous thread, anyway.

Nathan

[0] https://www.postgresql.org/support/versioning/