Christophe Pettus <xof@thebuild.com> writes:
> You've really stepped outside what is considered supported behavior here. That it worked at all was more accidental
thana documented and supported feature. Shadowing system catalogs with views *is* going to break things, and that
`allow_system_table_mods`has that potential is documented. I'm sure this is frustrating, but it's extremely unlikely
thatthis will be considered a regression worth undoing a security fix for.
Indeed. You might look into enforcing the restriction you want
by attaching an RLS policy to pg_database, instead of this hack.
Mind you, we are unlikely to consider that supported either if push
comes to shove. But it would at least dodge your immediate problem.
(I'll just note that this implementation is full of holes anyway: you
didn't mark the view as a security_barrier view, and that treatment of
tableoid is hardly transparent. And I do hope that your real recipe
includes revoking public read access on pg_database_catalog.)
regards, tom lane
