[Patch] Invalid permission check in pg_stats for functional indexes - Mailing list pgsql-hackers

From Pierre Ducroquet
Subject [Patch] Invalid permission check in pg_stats for functional indexes
Date
Msg-id 6369212.CF36pTLAQO@peanuts2
Whole thread Raw
Responses Re: [Patch] Invalid permission check in pg_stats for functional indexes
List pgsql-hackers
Hi

When using a functional index on a table, we realized that the permission 
check done in pg_stats was incorrect and thus preventing valid access to the 
statistics from users.

How to reproduce:

create table tbl1 (a integer, b integer);
insert into tbl1 select x, x % 50 from generate_series(1, 200000) x;
create index on tbl1 using btree ((a % (b + 1)));
analyze ;

create user demo_priv encrypted password 'demo';
revoke ALL on SCHEMA public from PUBLIC ;
grant select on tbl1 to demo_priv;
grant usage on schema public to demo_priv;

And as demo_priv user:

select tablename, attname from pg_stats where tablename like 'tbl1%';

Returns:
 tablename | attname 
-----------+---------
 tbl1      | a
 tbl1      | b
(2 rows)


Expected:
   tablename   | attname 
---------------+---------
 tbl1          | a
 tbl1          | b
 tbl1_expr_idx | expr
(3 rows)


The attached patch fixes this by introducing a second path in privilege check 
in pg_stats view.
I have not written a regression test yet, mainly because I'm not 100% certain 
where to write it. Given some hints, I would happily add it to this patch.

Regards

 Pierre Ducroquet

Attachment

pgsql-hackers by date:

Previous
From: Nikolay Shaplov
Date:
Subject: Re: Ltree syntax improvement
Next
From: Jose Luis Tallon
Date:
Subject: [PATCH] Implement uuid_version()