Message-ID: <857a4633aea6ef90bde4156ae351c49794b34732.camel@j-davis.com>
Subject: Re: Clarification on Role Access Rights to Table Indexes
From: Jeff Davis
To: Nathan Bossart
Cc: Corey Huinker, Tom Lane, Ayush Vatsa, Robert Haas, "David G. Johnston", PostgreSQL Hackers
Date: Tue, 14 Oct 2025 10:01:37 -0700

On Tue, 2025-10-14 at 11:05 -0500, Nathan Bossart wrote:
> For pg_prewarm, I don't know.  You do have to install the extension before
> using it, but once installed, it's available to everyone by default.  My
> guess is that it just hasn't been a problem in the field.

If we start with an OID, what's the right way to do these kinds of
checks? Could we do an ACL check, then lock it, then do an ACL check
again to catch OID wraparound?

Last-minute suggestions on 0003:

* Add a comment around the privOid check to explain that, if the
  object is an index, we must check the privileges on the table instead.

* Clarify in the comment that the race against index drop/recreation
  involves OID wraparound.

+1 to the patch and backpatch.

As a separate thought, I'm wondering if we should do more to enforce
the idea that we check the privileges and owner of an index's table,
and never the index itself. That's for another discussion, though.

> Regardless, fixing the lock-before-privilege-checks behavior doesn't strike
> me as a bug, so I think we ought to proceed with something like 0003 for
> back-patching purposes and then to rework it further for v19.  Does that
> sound okay to you?

According to the current rules[1], it does seem to technically be a
bug, but as far as I can tell, not one of much consequence.

Regards,
	Jeff Davis

[1] https://www.postgresql.org/message-id/976405.1760459426@sss.pgh.pa.us
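
The check, lock, recheck sequence asked about in the message above, as an added toy model in C (not PostgreSQL code and not from the thread). The catalog array, `priv_oid`, `acl_ok`, the `before_lock` hook and OIDs 10, 20 and 100 are all hypothetical, and taking the lock is represented only by a comment.

```c
/* Toy model of check -> lock -> recheck; not PostgreSQL source, names hypothetical. */
#include <stdbool.h>
#include <stdio.h>

typedef unsigned int Oid;
#define InvalidOid 0u
typedef struct {
    Oid  oid;      /* InvalidOid marks a free slot */
    Oid  heap;     /* owning table for an index, InvalidOid for a table */
    bool user_ok;  /* caller holds the privilege (meaningful on tables only) */
} Rel;
static Rel catalog[3];

static Rel *lookup(Oid oid) {
    if (oid == InvalidOid) return NULL;
    for (int i = 0; i < 3; i++)
        if (catalog[i].oid == oid) return &catalog[i];
    return NULL;
}

/* For an index, privileges are checked on its table, never on the index. */
static Oid priv_oid(Oid relid) {
    Rel *r = lookup(relid);
    if (r == NULL) return InvalidOid;
    return r->heap != InvalidOid ? r->heap : r->oid;
}
static bool acl_ok(Oid oid) { Rel *r = lookup(oid); return r != NULL && r->user_ok; }

/* Stand-in for concurrent DDL that commits before our lock is granted. */
static void (*before_lock)(void) = NULL;

bool check_lock_recheck(Oid relid) {
    if (!acl_ok(priv_oid(relid))) return false;  /* first check, no lock held */
    if (before_lock) before_lock();              /* race window */
    /* lock on relid is held from here, so what the OID names is now stable */
    return acl_ok(priv_oid(relid));              /* second check, under lock */
}

/* Constructed race: index 100 is dropped and OID 100 reused on table 20. */
static void reuse_oid_100(void) { lookup(100)->heap = 20; }

bool demo(bool racing) {
    catalog[0] = (Rel){10, InvalidOid, true};    /* table the caller may read */
    catalog[1] = (Rel){20, InvalidOid, false};   /* table the caller may not */
    catalog[2] = (Rel){100, 10, false};          /* index on table 10 */
    before_lock = racing ? reuse_oid_100 : NULL;
    return check_lock_recheck(100);
}

int main(void) { printf("no race: %d, OID reused: %d\n", demo(false), demo(true)); return 0; }
```

Without the second check, the racing case would return true on the strength of privileges held on table 10 while the locked OID now names an index on table 20.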