Skip site navigation (1) Skip section navigation (2)

Re: erroneous restore into pg_catalog schema

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Erik Rijkers <er(at)xs4all(dot)nl>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>,pgsql-hackers(at)postgresql(dot)org, Robert Haas <robertmhaas(at)gmail(dot)com>,Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
Subject: Re: erroneous restore into pg_catalog schema
Date: 2013-01-14 16:55:46
Message-ID: 20130114165546.GE5106@alvh.no-ip.org (view raw or flat)
Thread:
Lists: pgsql-hackers
Tom Lane wrote:
> Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> > Tom Lane escribi:
> >> I will bet that this is more breakage from the DDL-code refactoring that
> >> has been going on.  I am getting closer and closer to wanting that
> >> reverted.  KaiGai-san seems to have been throwing out lots of special
> >> cases that were there for good reasons.
> 
> > Isn't this just a475c6036?
> 
> Ah ... well, at least it was intentional.  But still wrongheaded,
> as this example shows.  What we should have done was what the commit
> message suggests, ie place a replacement check somewhere "upstream"
> where it would apply to all object types.  First thought that comes to
> mind is to add a hack to pg_namespace_aclcheck, or maybe at some call
> site(s).

The attached patch seems to work:

alvherre=# create table pg_catalog.foo (a int);
ERROR:  permission denied for schema pg_catalog

It passes regression tests for both core and contrib.

I notice that contrib/adminpack now fails, though (why doesn't this
module have a regression test?):

alvherre=# create extension adminpack;
ERROR:  permission denied for schema pg_catalog

It sounds hard to support that without some other special hack.  Not
sure what to do here.  Have adminpack set allowSystemTableMods somehow?

I grepped for other occurences of "pg_catalog" in contrib SQL scripts,
and all other modules seem to work (didn't try sepgsql):

$ rgrep -l pg_catalog */*sql  | cut -d/ -f1 | while read module; do echo module: $module; psql -c "create extension $module"; done

module: adminpack
ERROR:  permission denied for schema pg_catalog
module: btree_gist
CREATE EXTENSION
module: btree_gist
ERROR:  extension "btree_gist" already exists
module: citext
CREATE EXTENSION
module: citext
ERROR:  extension "citext" already exists
module: intarray
CREATE EXTENSION
module: isn
CREATE EXTENSION
module: lo
CREATE EXTENSION
module: pg_trgm
CREATE EXTENSION
module: pg_trgm
ERROR:  extension "pg_trgm" already exists
module: sepgsql
ERROR:  could not open extension control file
"/home/alvherre/Code/pgsql/install/HEAD/share/extension/sepgsql.control":
No such file or directory
module: tcn
CREATE EXTENSION
module: test_parser
CREATE EXTENSION
module: tsearch2
CREATE EXTENSION
module: tsearch2
ERROR:  extension "tsearch2" already exists

-- 
Alvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

Attachment: pg-catalog-perms.patch
Description: text/x-diff (620 bytes)

In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2013-01-14 16:56:17
Subject: Re: bugfix: --echo-hidden is not supported by \sf statements
Previous:From: Robert HaasDate: 2013-01-14 16:52:54
Subject: Re: GIN over array of ENUMs

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group