| From: | Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [Patch] Invalid permission check in pg_stats for functional indexes |
| Date: | 2019-04-06 11:40:27 |
| Message-ID: | 6369212.CF36pTLAQO@peanuts2 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi
When using a functional index on a table, we realized that the permission
check done in pg_stats was incorrect and thus preventing valid access to the
statistics from users.
How to reproduce:
create table tbl1 (a integer, b integer);
insert into tbl1 select x, x % 50 from generate_series(1, 200000) x;
create index on tbl1 using btree ((a % (b + 1)));
analyze ;
create user demo_priv encrypted password 'demo';
revoke ALL on SCHEMA public from PUBLIC ;
grant select on tbl1 to demo_priv;
grant usage on schema public to demo_priv;
And as demo_priv user:
select tablename, attname from pg_stats where tablename like 'tbl1%';
Returns:
tablename | attname
-----------+---------
tbl1 | a
tbl1 | b
(2 rows)
Expected:
tablename | attname
---------------+---------
tbl1 | a
tbl1 | b
tbl1_expr_idx | expr
(3 rows)
The attached patch fixes this by introducing a second path in privilege check
in pg_stats view.
I have not written a regression test yet, mainly because I'm not 100% certain
where to write it. Given some hints, I would happily add it to this patch.
Regards
Pierre Ducroquet
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Use-a-different-permission-check-path-for-indexes-an.patch | text/x-patch | 2.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jose Luis Tallon | 2019-04-06 11:57:22 | [PATCH] Implement uuid_version() |
| Previous Message | Nikolay Shaplov | 2019-04-06 11:28:59 | Re: Ltree syntax improvement |