Re: Extension pg_trgm, permissions and pg_dump order

Noah Misch <noah@leadboat.com>

From: Noah Misch <noah@leadboat.com>
To: pgsql-bugs@lists.postgresql.org
Cc: Färber, Franz-Josef (StMUK) <Franz-Josef.Faerber@stmuk.bayern.de>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2022-05-28T04:51:22Z
Lists: pgsql-bugs, pgsql-general
On Wed, May 25, 2022 at 10:50:47PM -0700, Noah Misch wrote:
> BEGIN;
> CREATE ROLE limitedrole;
> CREATE SCHEMA ext_trgm;
> CREATE EXTENSION pg_trgm SCHEMA ext_trgm;
> CREATE TABLE x(y text);
> ALTER TABLE x OWNER TO limitedrole;
> CREATE INDEX ON x USING gist(y ext_trgm.gist_trgm_ops);
> ROLLBACK;

> Not too simple, no.  The parts of DefineIndex() that execute user code
> (e.g. DefineIndex->ComputeIndexAttrs->CheckMutability) are interspersed with
> the parts that do permissions checks, like the one yielding $SUBJECT at
> DefineIndex->ComputeIndexAttrs->ResolveOpClass->LookupExplicitNamespace.  My
> first candidate is to undo the userid switch before the ResolveOpClass() call
> and restore it after.  My second candidate is to pass down the userid we want
> used for this sort of permissions check.  Depending on the full list of call
> stacks reaching permissions checks, this could get hairy.

While I'd value the opportunity to work on this, there only a 50% chance I
could get it done by 2022-08-01.  I've set aside four hours on 2022-06-12 to
see how far I get.  For a 95% chance, the date would be 2023-02-01.  (I've
already canceled a 2022-07 vacation for the thing taking my time instead;
there's nothing clearly left to cut.)  If anyone would like it done faster
than that, I welcome that person taking over.



Commits

  1. CREATE INDEX: use the original userid for more ACL checks.