mirror of
https://github.com/timescale/timescaledb.git
synced 2025-05-16 18:43:18 +08:00
97681c2328
Previously, catalog tables were not fully protected from malicious non-superusers. This PR fixes permission handling be severely restricting permissions to the catalog and instead using SECURITY DEFINER functions to alter the catalog when needed without giving users permission to do those same operations outside of these functions. In addition, these functions check for proper permissions themselves so are safe to use. This PR also makes sure that chunk tables have the same owner as the hypertable and correctly handles `ALTER TABLE...OWNER TO` commands to keep this info in sync.