Thread: missing GRANT on pg_subscription columns

missing GRANT on pg_subscription columns

From
"Euler Taveira"
Date:
Hi,

I was checking the GRANT on pg_subscription and noticed that the command is not
correct. There is a comment that says "All columns of pg_subscription except
subconninfo are readable". However, there are columns that aren't included: oid
and subsynccommit. It seems an oversight in the commits 6f236e1eb8c and
887227a1cc8.

There are monitoring tools and data collectors that aren't using a
superuser to read catalog information (I usually recommend using pg_monitor).
Hence, you cannot join pg_subscription with relations such as
pg_subscription_rel or pg_stat_subscription because column oid has no
column-level privilege. I'm attaching a patch to fix it (indeed, 2 patches
because of additional columns for v14). We should add instructions in the minor
version release notes too.

This issue was reported by Israel Barth.


--
Euler Taveira
EDB   https://www.enterprisedb.com/

Attachment

Re: missing GRANT on pg_subscription columns

From
Tom Lane
Date:
"Euler Taveira" <euler@eulerto.com> writes:
> I was checking the GRANT on pg_subscription and noticed that the command is not
> correct. There is a comment that says "All columns of pg_subscription except
> subconninfo are readable". However, there are columns that aren't included: oid
> and subsynccommit. It seems an oversight in the commits 6f236e1eb8c and
> 887227a1cc8.

Ugh.

> There are monitoring tools and data collectors that aren't using a
> superuser to read catalog information (I usually recommend using pg_monitor).
> Hence, you cannot join pg_subscription with relations such as
> pg_subscription_rel or pg_stat_subscription because column oid has no
> column-level privilege. I'm attaching a patch to fix it (indeed, 2 patches
> because of additional columns for v14). We should add instructions in the minor
> version release notes too.

I agree with fixing this in HEAD.  But given that this has been wrong
since v10 with zero previous complaints, I doubt that it is worth the
complication of trying to do something about it in the back branches.
Maybe we could just adjust the docs there, instead.

            regards, tom lane



Re: missing GRANT on pg_subscription columns

From
Amit Kapila
Date:
On Thu, Jun 3, 2021 at 10:39 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> "Euler Taveira" <euler@eulerto.com> writes:
> > I was checking the GRANT on pg_subscription and noticed that the command is not
> > correct. There is a comment that says "All columns of pg_subscription except
> > subconninfo are readable". However, there are columns that aren't included: oid
> > and subsynccommit. It seems an oversight in the commits 6f236e1eb8c and
> > 887227a1cc8.
>
> Ugh.
>
> > There are monitoring tools and data collectors that aren't using a
> > superuser to read catalog information (I usually recommend using pg_monitor).
> > Hence, you cannot join pg_subscription with relations such as
> > pg_subscription_rel or pg_stat_subscription because column oid has no
> > column-level privilege. I'm attaching a patch to fix it (indeed, 2 patches
> > because of additional columns for v14). We should add instructions in the minor
> > version release notes too.
>
> I agree with fixing this in HEAD.  But given that this has been wrong
> since v10 with zero previous complaints, I doubt that it is worth the
> complication of trying to do something about it in the back branches.
> Maybe we could just adjust the docs there, instead.
>

This sounds reasonable to me. Euler, can you provide the doc updates
for back-branches?

-- 
With Regards,
Amit Kapila.



Re: missing GRANT on pg_subscription columns

From
vignesh C
Date:
On Mon, Jun 7, 2021 at 2:38 PM Amit Kapila <amit.kapila16@gmail.com> wrote:
>
> On Thu, Jun 3, 2021 at 10:39 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >
> > "Euler Taveira" <euler@eulerto.com> writes:
> > > I was checking the GRANT on pg_subscription and noticed that the command is not
> > > correct. There is a comment that says "All columns of pg_subscription except
> > > subconninfo are readable". However, there are columns that aren't included: oid
> > > and subsynccommit. It seems an oversight in the commits 6f236e1eb8c and
> > > 887227a1cc8.
> >
> > Ugh.
> >
> > > There are monitoring tools and data collectors that aren't using a
> > > superuser to read catalog information (I usually recommend using pg_monitor).
> > > Hence, you cannot join pg_subscription with relations such as
> > > pg_subscription_rel or pg_stat_subscription because column oid has no
> > > column-level privilege. I'm attaching a patch to fix it (indeed, 2 patches
> > > because of additional columns for v14). We should add instructions in the minor
> > > version release notes too.
> >
> > I agree with fixing this in HEAD.  But given that this has been wrong
> > since v10 with zero previous complaints, I doubt that it is worth the
> > complication of trying to do something about it in the back branches.
> > Maybe we could just adjust the docs there, instead.
> >
>
> This sounds reasonable to me. Euler, can you provide the doc updates
> for back-branches?

Attached patch has the documentation changes for the back-branches. As
there is no specific reason for this, I have just mentioned
"Additionally normal users can't access columns oid and
subsynccommit." The same patch applies till V10 branch.

Regards,
Vignesh

Attachment

Re: missing GRANT on pg_subscription columns

From
Amit Kapila
Date:
On Mon, Jun 28, 2021 at 11:02 AM vignesh C <vignesh21@gmail.com> wrote:
>
> On Mon, Jun 7, 2021 at 2:38 PM Amit Kapila <amit.kapila16@gmail.com> wrote:
> >
> > On Thu, Jun 3, 2021 at 10:39 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > >
>
> Attached patch has the documentation changes for the back-branches. As
> there is no specific reason for this, I have just mentioned
> "Additionally normal users can't access columns oid and
> subsynccommit." The same patch applies till V10 branch.
>

Thanks for the patch. Tom has already pushed the code as part of
commit 3590680b85, so I am not sure if it is still valuable to fix
docs in back-branches.


-- 
With Regards,
Amit Kapila.