Vaibhav Dalvi <vaibhav.da...@enterprisedb.com> writes:
> Should we at least restrict dumping privileges for user objects inside
> pg_catalog to avoid pg_upgrade failure?
You haven't made a credible case for us to add any complexity in this
area. Anybody messing with pg_catalog is living very much in "if you
break it, you get to keep both pieces" territory. That extends not
just to whether the backend works at all, but whether auxiliary
functionality such as pg_dump works. So in particular I don't see
a reason why we should cater to manually-added pg_catalog functions
with non-default ACLs. There are enough moving parts in that area
already that I'm not eager to add more constraints to what pg_dump
needs to do.
regards, tom lane
