Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Jeremy Schneider <schnjere(at)amazon(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, "Albin, Lloyd P" <lalbin(at)scharp(dot)org>
Subject: Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack
Date: 2018-07-24 05:34:13
Message-ID: 20180724053413.lxrl72gvh55eiz3e@alvherre.pgsql
Lists: pgsql-bugs pgsql-hackers

On 2018-Jul-24, Michael Paquier wrote:

> On Mon, Jul 23, 2018 at 11:29:33AM -0400, Robert Haas wrote:
> > ExecuteTruncate needs to be refactored to use RangeVarGetRelidExtended
> > with a non-NULL callback rather than heap_openrv, and
> > expand_vacuum_rel needs to use RangeVarGetRelidExtended with a
> > callback instead of RangeVarGetRelid. See
> > cbe24a6dd8fb224b9585f25b882d5ffdb55a0ba5 as an example of what to do.
> > I fixed a large number of cases of this problem back around that time,
> > but then ran out of steam and had to move onto other things before I
> > got them all. Patches welcome.
>
> Thanks for pointing those out, I looked at both code paths recently for
> some other work... The amount of work does not consist just in using
> for example RangeVarCallbackOwnsRelation for VACUUM and TRUNCATE.

I don't think we're forced to reuse the existing callbacks -- maybe
write a specific callback for each case, if really needed. But anyway
like Andres I don't think this is related to allow_system_table_mods at
all; you just need to do the checks in the right order, no?

But I don't see why RangeVarCallbackOwnsTable isn't sufficient.

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
