Re: Extension pg_trgm, permissions and pg_dump order
Noah Misch <noah@leadboat.com>
From: Noah Misch <noah@leadboat.com>
To: pgsql-bugs@lists.postgresql.org
Cc: Färber, Franz-Josef (StMUK) <Franz-Josef.Faerber@stmuk.bayern.de>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2022-05-28T04:51:22Z
Lists: pgsql-bugs, pgsql-general
On Wed, May 25, 2022 at 10:50:47PM -0700, Noah Misch wrote: > BEGIN; > CREATE ROLE limitedrole; > CREATE SCHEMA ext_trgm; > CREATE EXTENSION pg_trgm SCHEMA ext_trgm; > CREATE TABLE x(y text); > ALTER TABLE x OWNER TO limitedrole; > CREATE INDEX ON x USING gist(y ext_trgm.gist_trgm_ops); > ROLLBACK; > Not too simple, no. The parts of DefineIndex() that execute user code > (e.g. DefineIndex->ComputeIndexAttrs->CheckMutability) are interspersed with > the parts that do permissions checks, like the one yielding $SUBJECT at > DefineIndex->ComputeIndexAttrs->ResolveOpClass->LookupExplicitNamespace. My > first candidate is to undo the userid switch before the ResolveOpClass() call > and restore it after. My second candidate is to pass down the userid we want > used for this sort of permissions check. Depending on the full list of call > stacks reaching permissions checks, this could get hairy. While I'd value the opportunity to work on this, there only a 50% chance I could get it done by 2022-08-01. I've set aside four hours on 2022-06-12 to see how far I get. For a 95% chance, the date would be 2023-02-01. (I've already canceled a 2022-07 vacation for the thing taking my time instead; there's nothing clearly left to cut.) If anyone would like it done faster than that, I welcome that person taking over.
Commits
-
CREATE INDEX: use the original userid for more ACL checks.
- 88b39e61486a 10.22 landed
- 6d49cc28613b 11.17 landed
- 93731d549e15 12.12 landed
- 8782ce49e4d0 13.8 landed
- ace9973867c2 14.5 landed
- 00377b9a02b8 15.0 landed