From: | Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Cc: | Kuntal Ghosh <kuntalghosh(dot)2007(at)gmail(dot)com> |
Subject: | Re: [Patch] Invalid permission check in pg_stats for functional indexes |
Date: | 2019-09-03 18:53:19 |
Message-ID: | 20359573.oNSXtjVHDr@peanuts2 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tuesday, September 3, 2019 12:39:51 PM CEST Kuntal Ghosh wrote:
> Hello Pierre,
Hello Kuntal
>
> > When using a functional index on a table, we realized that the permission
> > check done in pg_stats was incorrect and thus preventing valid access to
> > the statistics from users.
> >
> > The attached patch fixes this by introducing a second path in privilege
> > check in pg_stats view.
>
> The patch doesn't apply on the latest HEAD [1].
All my apologies for that. I submitted this patch some time ago but forgot to
add it to the commit fest. Attached to this mail is a rebased version.
> IIUC, the patch introduces an additional privilege check for the
> underlying objects involved in the expression/functional index. If the
> user has 'select' privileges on all of the columns/objects included in
> the expression/functional index, then it should be visible in pg_stats
> view. I've applied the patch manually and tested the feature. It works
> as expected.
Indeed, you understood correctly. I have not digged around to find out the
origin of the current situation, but it does not look like an intentional
behaviour, more like a small oversight.
> > I have not written a regression test yet, mainly because I'm not 100%
> > certain where to write it. Given some hints, I would happily add it to
> > this patch.
> Yeah, it'll be good to have some regression tests for the same. I'm
> also not sure which regression file best suites for these tests.
Thank you very much for your review
Pierre
Attachment | Content-Type | Size |
---|---|---|
0001-Use-a-different-permission-check-path-for-indexes-an.patch | text/x-patch | 2.9 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2019-09-03 19:25:31 | Re: add a MAC check for TRUNCATE |
Previous Message | Alvaro Herrera | 2019-09-03 18:52:01 | Re: remove "msg" parameter from convert_tuples_by_name |