| From: | Kuntal Ghosh <kuntalghosh(dot)2007(at)gmail(dot)com> |
|---|---|
| To: | Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [Patch] Invalid permission check in pg_stats for functional indexes |
| Date: | 2019-09-03 10:39:51 |
| Message-ID: | CAGz5QC+GDXSDaw1snvK36h3Py2g+Z+sQEcmMUrupRGmewCQ0Xg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello Pierre,
> When using a functional index on a table, we realized that the permission
> check done in pg_stats was incorrect and thus preventing valid access to the
> statistics from users.
>
> The attached patch fixes this by introducing a second path in privilege check
> in pg_stats view.
The patch doesn't apply on the latest HEAD [1].
IIUC, the patch introduces an additional privilege check for the
underlying objects involved in the expression/functional index. If the
user has 'select' privileges on all of the columns/objects included in
the expression/functional index, then it should be visible in pg_stats
view. I've applied the patch manually and tested the feature. It works
as expected.
> I have not written a regression test yet, mainly because I'm not 100% certain
> where to write it. Given some hints, I would happily add it to this patch.
>
Yeah, it'll be good to have some regression tests for the same. I'm
also not sure which regression file best suites for these tests.
[1] http://cfbot.cputube.org/patch_24_2274.log
--
Thanks & Regards,
Kuntal Ghosh
EnterpriseDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fabien COELHO | 2019-09-03 11:55:15 | Re: pgbench - rework variable management |
| Previous Message | Tomas Vondra | 2019-09-03 10:39:09 | Re: PATCH: logical_work_mem and logical streaming of large in-progress transactions |