Quick Links

Re: Clarification on Role Access Rights to Table Indexes

From:	Nathan Bossart <nathandbossart(at)gmail(dot)com>
To:	Jeff Davis <pgsql(at)j-davis(dot)com>
Cc:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Clarification on Role Access Rights to Table Indexes
Date:	2025-10-10 16:26:08
Message-ID:	aOkzoH-pXdBr0ewf@nathan
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general pgsql-hackers

On Thu, Oct 09, 2025 at 04:18:03PM -0500, Nathan Bossart wrote:
> There's a similar pattern in get_rel_from_relname() in dblink.c, which also
> seems to only be used with an AccessShareLock (like pg_prewarm). My best
> guess from reading lots of code, commit messages, and old e-mails in the
> archives is that the original check-privileges-before-locking work was
> never completed.

I added an 0004 that changes dblink to use RangeVarGetRelidExtended().

> I'm currently leaning towards continuing with v4 of the patch set. 0001
> and 0003 are a little weird in that a concurrent change could lead to a
> "could not find parent table" ERROR, but IIUC that is an extremely remote
> possibility.

After sleeping on it, I still think this is the right call. In any case,
I've spent way too much time on this stuff, so I plan to commit the
attached soon.

--
nathan

Attachment	Content-Type	Size
v5-0001-fix-priv-checks-in-stats-code.patch	text/plain	1.1 KB
v5-0002-fix-priv-checks-in-index-code.patch	text/plain	2.7 KB
v5-0003-fix-priv-checks-in-pg_prewarm.patch	text/plain	4.4 KB
v5-0004-avoid-locking-before-privilege-checks-in-dblink.patch	text/plain	1.8 KB

In response to

Re: Clarification on Role Access Rights to Table Indexes at 2025-10-09 21:18:03 from Nathan Bossart

Responses

Re: Clarification on Role Access Rights to Table Indexes at 2025-10-10 18:31:03 from Jeff Davis

Browse pgsql-general by date

	From	Date	Subject
Next Message	Jeff Davis	2025-10-10 18:31:03	Re: Clarification on Role Access Rights to Table Indexes
Previous Message	sud	2025-10-10 15:27:47	Re: Alerting on memory use and instance crash

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Ranier Vilela	2025-10-10 16:41:48	Re: Fix array access (src/bin/pg_dump/pg_dump.c)
Previous Message	Amit Langote	2025-10-10 16:24:43	Re: ReadRecentBuffer() doesn't scale well