Re: ALTER DEFAULT PRIVILEGES is buggy, and so is its testing

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: ALTER DEFAULT PRIVILEGES is buggy, and so is its testing
Date: 2018-11-09 17:45:40
Message-ID: 16467.1541785540@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I wrote:
> So it seems like testing ALTER DEFAULT PRIVILEGES in a script that
> runs in parallel with anything else is a damfool idea. But there
> is also a live bug of failure to correctly record privileges granted
> this way. Without that bug, we'd have had our noses rubbed in the
> parallel race conditions long ago.

It turns out the bug only applies to schemas and types; the other
callers of get_user_default_acl() already had ad-hoc code to deal
with the problem. I made that a bit less ad-hoc by creating a
subroutine to do the work and documenting the need to call it.

To fix the tests' race condition, it seems to be sufficient to
wrap a transaction around the section of privileges.sql that
grants and then revokes global default privileges. The other
uses of ALTER DEFAULT PRIVILEGES in the tests are targeted narrowly
enough to ensure that concurrent tests shouldn't pick them up.

In the attached proposed patch for HEAD, since I had to adjust
the API of GenerateTypeDependencies anyway, I changed it to pass
the new pg_type row and get most of the old arguments out of that,
as the argument list was getting pretty unwieldy. I suppose we
could make a back-branch patch that doesn't change that API and
instead makes the callers responsible for recording ACL dependencies,
but ugh. Does anyone think it's likely that third-party code is
calling GenerateTypeDependencies?

regards, tom lane

Attachment Content-Type Size
fix-default-privileges-dependencies-1.patch text/x-diff 23.4 KB

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Paul Ramsey 2018-11-09 19:01:30 Changing SQL Inlining Behaviour (or...?)
Previous Message Jesper Pedersen 2018-11-09 17:43:24 Re: speeding up planning with partitions