Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit661dd23

Browse files
committed
Restrict access to reindex of shared catalogs for non-privileged users
A database owner running a database-level REINDEX has the possibility toalso do the operation on shared system catalogs without being an ownerof them, which allows him to block resources it should not have accessto. The same goes for a schema owner. For example, PostgreSQL would gounresponsive and even block authentication if a lock is waited forpg_authid. This commit makes sure that a user running a REINDEX SYSTEM,DATABASE or SCHEMA only works on the following relations:- The user is a superuser- The user is the table owner- The user is the database/schema owner, only if the relation worked onis not shared.Robert has worded most the documentation changes, and I have coded thecore part.Reported-by: Lloyd Albin, Jeremy SchneiderAuthor: Michael Paquier, Robert HaasReviewed by: Nathan Bossart, Kyotaro HoriguchiDiscussion:https://postgr.es/m/152512087100.19803.12733865831237526317@wrigleys.postgresql.orgDiscussion:https://postgr.es/m/20180805211059.GA2185@paquier.xyzBackpatch-through: 11- as the current behavior has been around for avery long time and could be disruptive for already released branches.
1 parent59ef49d commit661dd23

File tree

2 files changed

+21
-4
lines changed

2 files changed

+21
-4
lines changed

‎doc/src/sgml/ref/reindex.sgml

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -225,10 +225,15 @@ REINDEX [ ( VERBOSE ) ] { INDEX | TABLE | SCHEMA | DATABASE | SYSTEM } <replacea
225225

226226
<para>
227227
Reindexing a single index or table requires being the owner of that
228-
index or table. Reindexing a database requires being the owner of
229-
the database (note that the owner can therefore rebuild indexes of
230-
tables owned by other users). Of course, superusers can always
231-
reindex anything.
228+
index or table. Reindexing a schema or database requires being the
229+
owner of that schema or database. Note that is therefore sometimes
230+
possible for non-superusers to rebuild indexes of tables owned by
231+
other users. However, as a special exception, when
232+
<command>REINDEX DATABASE</command>, <command>REINDEX SCHEMA</command>
233+
or <command>REINDEX SYSTEM</command> is issued by a non-superuser,
234+
indexes on shared catalogs will be skipped unless the user owns the
235+
catalog (which typically won't be the case). Of course, superusers
236+
can always reindex anything.
232237
</para>
233238

234239
<para>

‎src/backend/commands/indexcmds.c

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2415,6 +2415,18 @@ ReindexMultipleTables(const char *objectName, ReindexObjectType objectKind,
24152415
!IsSystemClass(relid,classtuple))
24162416
continue;
24172417

2418+
/*
2419+
* The table can be reindexed if the user is superuser, the table
2420+
* owner, or the database/schema owner (but in the latter case, only
2421+
* if it's not a shared relation). pg_class_ownercheck includes the
2422+
* superuser case, and depending on objectKind we already know that
2423+
* the user has permission to run REINDEX on this database or schema
2424+
* per the permission checks at the beginning of this routine.
2425+
*/
2426+
if (classtuple->relisshared&&
2427+
!pg_class_ownercheck(relid,GetUserId()))
2428+
continue;
2429+
24182430
/* Save the list of relation OIDs in private context */
24192431
old=MemoryContextSwitchTo(private_context);
24202432

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp