Re: Clarification on Role Access Rights to Table Indexes

Jeff Davis <pgsql@j-davis.com>

From: Jeff Davis <pgsql@j-davis.com>
To: Nathan Bossart <nathandbossart@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>
Cc: Ayush Vatsa <ayushvatsa1810@gmail.com>, Robert Haas <robertmhaas@gmail.com>, "David G. Johnston" <david.g.johnston@gmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-10-09T03:06:04Z
Lists: pgsql-hackers, pgsql-general
On Wed, 2025-09-24 at 11:52 -0500, Nathan Bossart wrote:
> On Wed, Sep 24, 2025 at 12:13:34PM -0400, Tom Lane wrote:
> > Nathan Bossart <nathandbossart@gmail.com> writes:
> > > * RangeVarCallbackForReindexIndex() was checking privileges on
> > > the table
> > > before locking it, so I reversed it in 0002.
> > 
> > Don't we do that intentionally, to make sure someone can't cause
> > DOS
> > on a table they have no privileges on?
> 
> Ah, right.  I switched it back in v4.

v4-0001 looks good to me.

Just to make sure I understand: the actual problem would only happen
with OID wraparound, right?

Regards,
	Jeff Davis




Commits

  1. Fix privilege checks for pg_prewarm() on indexes.

  2. Fix lookup code for REINDEX INDEX.

  3. Fix redefinition of typedef RangeVar.

  4. Fix lookups in pg_{clear,restore}_{attribute,relation}_stats().

  5. dblink: Avoid locking relation before privilege check.