Check for CREATE privilege on the schema in CREATE STATISTICS.
This omission allowed table owners to create statistics in any
schema, potentially leading to unexpected naming conflicts. For
ALTER TABLE commands that require re-creating statistics objects,
skip this check in case the user has since lost CREATE on the
schema. The addition of a second parameter to CreateStatistics()
breaks ABI compatibility, but we are unaware of any impacted
third-party code.
Reported-by: Jelte Fennema-Nio <postgres@jeltef.nl>
Author: Jelte Fennema-Nio <postgres@jeltef.nl>
Co-authored-by: Nathan Bossart <nathandbossart@gmail.com>
Reviewed-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Álvaro Herrera <alvherre@kurilemu.de>
Security: CVE-2025-12817
Backpatch-through: 13
Branch
------
REL_16_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/d20abb5876ab61a627d80131b2cb78d9652557e3
Modified Files
--------------
src/backend/commands/statscmds.c | 17 +++++++++++++++-
src/backend/commands/tablecmds.c | 2 +-
src/backend/tcop/utility.c | 2 +-
src/include/commands/defrem.h | 2 +-
src/test/regress/expected/stats_ext.out | 36 +++++++++++++++++++++++++++++++++
src/test/regress/sql/stats_ext.sql | 33 ++++++++++++++++++++++++++++++
6 files changed, 88 insertions(+), 4 deletions(-)
