Re: [Patch] Invalid permission check in pg_stats for functional indexes

From: Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Kuntal Ghosh <kuntalghosh(dot)2007(at)gmail(dot)com>
Subject: Re: [Patch] Invalid permission check in pg_stats for functional indexes
Date: 2019-09-03 18:53:19
Message-ID: 20359573.oNSXtjVHDr@peanuts2
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Tuesday, September 3, 2019 12:39:51 PM CEST Kuntal Ghosh wrote:
> Hello Pierre,

Hello Kuntal
> > When using a functional index on a table, we realized that the permission
> > check done in pg_stats was incorrect and thus preventing valid access to
> > the statistics from users.
> >
> > The attached patch fixes this by introducing a second path in privilege
> > check in pg_stats view.
> The patch doesn't apply on the latest HEAD [1].

All my apologies for that. I submitted this patch some time ago but forgot to
add it to the commit fest. Attached to this mail is a rebased version.

> IIUC, the patch introduces an additional privilege check for the
> underlying objects involved in the expression/functional index. If the
> user has 'select' privileges on all of the columns/objects included in
> the expression/functional index, then it should be visible in pg_stats
> view. I've applied the patch manually and tested the feature. It works
> as expected.

Indeed, you understood correctly. I have not digged around to find out the
origin of the current situation, but it does not look like an intentional
behaviour, more like a small oversight.

> > I have not written a regression test yet, mainly because I'm not 100%
> > certain where to write it. Given some hints, I would happily add it to
> > this patch.
> Yeah, it'll be good to have some regression tests for the same. I'm
> also not sure which regression file best suites for these tests.

Thank you very much for your review


Attachment Content-Type Size
0001-Use-a-different-permission-check-path-for-indexes-an.patch text/x-patch 2.9 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2019-09-03 19:25:31 Re: add a MAC check for TRUNCATE
Previous Message Alvaro Herrera 2019-09-03 18:52:01 Re: remove "msg" parameter from convert_tuples_by_name