| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Alex Hunsaker <badalex(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [PATCH] remove redundant ownership checks |
| Date: | 2010-01-13 21:29:42 |
| Message-ID: | 4311.1263418182@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alex Hunsaker <badalex(at)gmail(dot)com> writes:
> Im of the opinion if we are going to be meddling with the permission
> checks in this area one of the goals should be close or at least
> tighten up that window. So you cant lock a table you dont have
> permission to (either via LOCK or ALTER TABLE). (Ignoring the issues
> of concurrent permission changes of course...)
Well, that's exactly the problem: it's not very sane to do permissions
checking on a table you have no lock whatsoever on, because the table
could be dropped, renamed, or have its permissions altered underneath
you. We could imagine taking a weak lock that forbids those operations
and then upgrading once we're sure we have the right to take a stronger
lock, but lock upgrade is a certain ticket to deadlocks.
So yeah, it'd be nice, but it's not apparent how to do it. The best
thing I can see how to do is keep the window between taking the lock
and verifying permissions narrow.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hans-Juergen Schoenig | 2010-01-13 21:30:32 | Re: patch to implement ECPG side tracing / tracking ... |
| Previous Message | Stephen Frost | 2010-01-13 21:28:16 | Re: [PATCH] remove redundant ownership checks |