From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Alex Hunsaker <badalex(at)gmail(dot)com> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [PATCH] remove redundant ownership checks |
Date: | 2010-01-13 21:29:42 |
Message-ID: | 4311.1263418182@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Alex Hunsaker <badalex(at)gmail(dot)com> writes:
> Im of the opinion if we are going to be meddling with the permission
> checks in this area one of the goals should be close or at least
> tighten up that window. So you cant lock a table you dont have
> permission to (either via LOCK or ALTER TABLE). (Ignoring the issues
> of concurrent permission changes of course...)
Well, that's exactly the problem: it's not very sane to do permissions
checking on a table you have no lock whatsoever on, because the table
could be dropped, renamed, or have its permissions altered underneath
you. We could imagine taking a weak lock that forbids those operations
and then upgrading once we're sure we have the right to take a stronger
lock, but lock upgrade is a certain ticket to deadlocks.
So yeah, it'd be nice, but it's not apparent how to do it. The best
thing I can see how to do is keep the window between taking the lock
and verifying permissions narrow.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Hans-Juergen Schoenig | 2010-01-13 21:30:32 | Re: patch to implement ECPG side tracing / tracking ... |
Previous Message | Stephen Frost | 2010-01-13 21:28:16 | Re: [PATCH] remove redundant ownership checks |