Re: Clarification on Role Access Rights to Table Indexes

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Jeff Davis <[email protected]>
To: Nathan Bossart <[email protected]>
Cc: Corey Huinker <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: Ayush Vatsa <[email protected]>
Cc: Robert Haas <[email protected]>
Cc: David G. Johnston <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Clarification on Role Access Rights to Table Indexes
Date: Tue, 14 Oct 2025 10:01:37 -0700
Message-ID: <[email protected]> (raw)
In-Reply-To: <aO50zOmoRFnB9_IX@nathan>
References: <[email protected]>
	<aNQhuRQfD3PlpeuT@nathan>
	<[email protected]>
	<[email protected]>
	<aOfXNAFkj_EFm-8q@nathan>
	<aOgmi6avE6qMw_6t@nathan>
	<aOkzoH-pXdBr0ewf@nathan>
	<[email protected]>
	<aO1TaPd0YesHy5Sn@nathan>
	<[email protected]>
	<aO50zOmoRFnB9_IX@nathan>

On Tue, 2025-10-14 at 11:05 -0500, Nathan Bossart wrote:
> For
> pg_prewarm, I don't know.  You do have to install the extension
> before
> using it, but once installed, it's available to everyone by default. 
> My
> guess is that it just hasn't been a problem in the field.

If we start with an OID, what's the right way to do these kinds of
checks? Could we do an ACL check, then lock it, then do an ACL check
again to catch OID wraparound?

Last-minute suggestions on 0003:

  * Add a comment around the privOid check to explain that, if the
object is an index, we must check the privileges on the table instead.

  * Clarify in the comment that the race against index drop/recreation
involves OID wraparound.

+1 to the patch and backpatch.

As a separate thought, I'm wondering if we should do more to enforce
the idea that we check the privileges and owner of an index's table,
and never the index itself. That's for another discussion, though.

> Regardless, fixing the lock-before-privilege-checks behavior doesn't
> strike
> me as a bug, so I think we ought to proceed with something like 0003
> for
> back-patching purposes and then to rework it further for v19.  Does
> that
> sound okay to you?

According to the current rules[1], it does seem to technically be a
bug, but as far as I can tell, not one of much consequence.

Regards,
	Jeff Davis

[1]
https://www.postgresql.org/message-id/[email protected]

view thread (12+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Clarification on Role Access Rights to Table Indexes
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox