Skip site navigation (1) Skip section navigation (2)

Re: [PATCH] remove redundant ownership checks

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Alex Hunsaker <badalex(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>,Bruce Momjian <bruce(at)momjian(dot)us>,KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH] remove redundant ownership checks
Date: 2010-01-13 21:19:25
Message-ID: 20100113211925.GI17756@tamriel.snowman.net (view raw or flat)
Thread:
Lists: pgsql-hackers
* Alex Hunsaker (badalex(at)gmail(dot)com) wrote:
> On Wed, Jan 13, 2010 at 12:54, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > I'm a little worried by Stephen's plan, mainly because I'm concerned
> > that it would lead to ALTER TABLE taking exclusive lock on a table long
> > before it gets around to checking permissions.  Still, that's just
> > extending a window that exists now.
> 
> Im of the opinion if we are going to be meddling with the permission
> checks in this area one of the goals should be close or at least
> tighten up that window.  So you cant lock a table you dont have
> permission to (either via LOCK or ALTER TABLE).  (Ignoring the issues
> of concurrent permission changes of course...)

Trying to minimize that makes the permissions checking a royal mess by
making it have to happen all over the place, after every little bit of
information is gathered.  I'm not a fan of that because of both concerns
about making sure it's correct and actually matches our documention, as
well as any possibility of making it a pluggable framework.  At the
moment, we're doing permissions checks on the main table before we even
know if the other tables referenced in the command exist.  I don't think
we're talking about a serious difference in time here either, to be
honest.

Not to mention that if you don't have access to the schema, you wouldn't
be able to take a lock on the table at all, so I'm really not sure how
big a deal this is..

	Thanks,

		Stephen

In response to

pgsql-hackers by date

Next:From: Boszormenyi ZoltanDate: 2010-01-13 21:26:57
Subject: Re: lock_timeout GUC patch
Previous:From: Alex HunsakerDate: 2010-01-13 21:02:54
Subject: Re: [PATCH] remove redundant ownership checks

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group