| From: | Nathan Bossart <nathan(at)postgresql(dot)org> | 
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org | 
| Subject: | pgsql: Fix privilege checks for pg_prewarm() on indexes. | 
| Date: | 2025-10-17 16:37:50 | 
| Message-ID: | E1v9nSg-002AS9-2L@gemulon.postgresql.org | 
| Views: | Whole Thread | Raw Message | Download mbox | Resend email | 
| Thread: | |
| Lists: | pgsql-committers | 
Fix privilege checks for pg_prewarm() on indexes.
pg_prewarm() currently checks for SELECT privileges on the target
relation.  However, indexes do not have access rights of their own,
so a role may be denied permission to prewarm an index despite
having the SELECT privilege on its parent table.  This commit fixes
this by locking the parent table before the index (to avoid
deadlocks) and checking for SELECT on the parent table.  Note that
the code is largely borrowed from
amcheck_lock_relation_and_check().
An obvious downside of this change is the extra AccessShareLock on
the parent table during prewarming, but that isn't expected to
cause too much trouble in practice.
Author: Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com>
Co-authored-by: Nathan Bossart <nathandbossart(at)gmail(dot)com>
Reviewed-by: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Reviewed-by: Jeff Davis <pgsql(at)j-davis(dot)com>
Discussion: https://postgr.es/m/CACX%2BKaMz2ZoOojh0nQ6QNBYx8Ak1Dkoko%3DD4FSb80BYW%2Bo8CHQ%40mail.gmail.com
Backpatch-through: 13
Branch
------
REL_16_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/fae0ce5e318eea8cd8f7bac936a58ee7cbd10bf8
Modified Files
--------------
contrib/pg_prewarm/pg_prewarm.c   | 47 ++++++++++++++++++++++++++++++++++++---
contrib/pg_prewarm/t/001_basic.pl | 29 +++++++++++++++++++++++-
2 files changed, 72 insertions(+), 4 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2025-10-17 18:29:32 | pgsql: Remove unused data_bufsz from DecodedBkpBlock struct. | 
| Previous Message | Tom Lane | 2025-10-17 15:25:58 | pgsql: Improve TAP tests by replacing ok() with better Test::More funct |