Re: Clarification on Role Access Rights to Table Indexes

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: Jeff Davis <pgsql(at)j-davis(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Clarification on Role Access Rights to Table Indexes
Date: 2025-10-10 16:26:08
Message-ID: aOkzoH-pXdBr0ewf@nathan
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-hackers

On Thu, Oct 09, 2025 at 04:18:03PM -0500, Nathan Bossart wrote:
> There's a similar pattern in get_rel_from_relname() in dblink.c, which also
> seems to only be used with an AccessShareLock (like pg_prewarm). My best
> guess from reading lots of code, commit messages, and old e-mails in the
> archives is that the original check-privileges-before-locking work was
> never completed.

I added an 0004 that changes dblink to use RangeVarGetRelidExtended().

> I'm currently leaning towards continuing with v4 of the patch set. 0001
> and 0003 are a little weird in that a concurrent change could lead to a
> "could not find parent table" ERROR, but IIUC that is an extremely remote
> possibility.

After sleeping on it, I still think this is the right call. In any case,
I've spent way too much time on this stuff, so I plan to commit the
attached soon.

--
nathan

Attachment Content-Type Size
v5-0001-fix-priv-checks-in-stats-code.patch text/plain 1.1 KB
v5-0002-fix-priv-checks-in-index-code.patch text/plain 2.7 KB
v5-0003-fix-priv-checks-in-pg_prewarm.patch text/plain 4.4 KB
v5-0004-avoid-locking-before-privilege-checks-in-dblink.patch text/plain 1.8 KB

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Jeff Davis 2025-10-10 18:31:03 Re: Clarification on Role Access Rights to Table Indexes
Previous Message sud 2025-10-10 15:27:47 Re: Alerting on memory use and instance crash

Browse pgsql-hackers by date

  From Date Subject
Next Message Ranier Vilela 2025-10-10 16:41:48 Re: Fix array access (src/bin/pg_dump/pg_dump.c)
Previous Message Amit Langote 2025-10-10 16:24:43 Re: ReadRecentBuffer() doesn't scale well