[Patch] Invalid permission check in pg_stats for functional indexes

From: Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info>
To: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: [Patch] Invalid permission check in pg_stats for functional indexes
Date: 2019-04-06 11:40:27
Message-ID: 6369212.CF36pTLAQO@peanuts2
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi

When using a functional index on a table, we realized that the permission
check done in pg_stats was incorrect and thus preventing valid access to the
statistics from users.

How to reproduce:

create table tbl1 (a integer, b integer);
insert into tbl1 select x, x % 50 from generate_series(1, 200000) x;
create index on tbl1 using btree ((a % (b + 1)));
analyze ;

create user demo_priv encrypted password 'demo';
revoke ALL on SCHEMA public from PUBLIC ;
grant select on tbl1 to demo_priv;
grant usage on schema public to demo_priv;

And as demo_priv user:

select tablename, attname from pg_stats where tablename like 'tbl1%';

Returns:
tablename | attname
-----------+---------
tbl1 | a
tbl1 | b
(2 rows)

Expected:
tablename | attname
---------------+---------
tbl1 | a
tbl1 | b
tbl1_expr_idx | expr
(3 rows)

The attached patch fixes this by introducing a second path in privilege check
in pg_stats view.
I have not written a regression test yet, mainly because I'm not 100% certain
where to write it. Given some hints, I would happily add it to this patch.

Regards

Pierre Ducroquet

Attachment Content-Type Size
0001-Use-a-different-permission-check-path-for-indexes-an.patch text/x-patch 2.9 KB

Browse pgsql-hackers by date

  From Date Subject
Next Message Jose Luis Tallon 2019-04-06 11:57:22 [PATCH] Implement uuid_version()
Previous Message Nikolay Shaplov 2019-04-06 11:28:59 Re: Ltree syntax improvement