From: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz>, Andres Freund <andres(at)anarazel(dot)de> |
Cc: | "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, "Schneider, Jeremy" <schnjere(at)amazon(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, "Albin, Lloyd P" <lalbin(at)scharp(dot)org> |
Subject: | Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack |
Date: | 2018-07-26 15:06:59 |
Message-ID: | E5CF1BFB-322D-41AE-ACFC-237730A9E110@amazon.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-hackers |
I took a look at 0001.
On 7/26/18, 12:24 AM, "Michael Paquier" <michael(at)paquier(dot)xyz> wrote:
> 1) 0001 does the work for TRUNCATE, but using RangeVarGetRelidExtended
> with a custom callback based on the existing truncate_check_rel(). I
> had to split the session-level checks into a separate routine as no
> Relation is available, but that finishes by being a neat result without
> changing any user-facing behavior.
Splitting the checks like this seems reasonable. As you pointed out,
it doesn't change the behavior of the session checks, which AFAICT
aren't necessary for the kind of permissions checks we want to add to
the RangeVarGetRelidExtended() call.
- myrelid = RelationGetRelid(rel);
+ myrelid = RangeVarGetRelidExtended(rv, AccessExclusiveLock,
+ false, RangeVarCallbackForTruncate,
+ NULL);
Should the flags argument be 0 instead of false?
+ /* Nothing to do if the relation was not found. */
+ if (!OidIsValid(relId))
+ return;
+
+ tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relId));
+ if (!HeapTupleIsValid(tuple)) /* should not happen */
+ elog(ERROR, "cache lookup failed for relation %u", relId);
The first time we use this callback, the relation won't be locked, so
isn't it possible that we won't get a valid tuple here? I did notice
that callbacks like RangeVarCallbackForRenameRule,
RangeVarCallbackForPolicy, and RangeVarCallbackForRenameTrigger assume
that the relation can be concurrently dropped, but
RangeVarCallbackOwnsRelation does not. Instead, we assume that the
syscache search will succeed if the given OID is valid. Is this a
bug, or am I missing something?
Nathan
From | Date | Subject | |
---|---|---|---|
Next Message | Bossart, Nathan | 2018-07-26 15:40:07 | Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack |
Previous Message | Tom Lane | 2018-07-26 14:50:42 | Re: BUG #15297: Irregular comparison rules for NULLs in tuples |
From | Date | Subject | |
---|---|---|---|
Next Message | Dmitry Dolgov | 2018-07-26 15:07:32 | Re: [HACKERS] advanced partition matching algorithm for partition-wise join |
Previous Message | Nikhil Sontakke | 2018-07-26 14:54:00 | Re: [HACKERS] logical decoding of two-phase transactions |