| From: | Bertrand Drouvot <bertranddrouvot(dot)pg(at)gmail(dot)com> |
|---|---|
| To: | surya poondla <suryapoondla4(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Fix races conditions in DropRole() and GrantRole() |
| Date: | 2026-07-15 03:37:47 |
| Message-ID: | alcAi0scidMqjO4y@bdtpg |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Surya,
On Fri, Jul 10, 2026 at 02:42:26PM -0700, surya poondla wrote:
> Instead we can report the OID and it avoids the re-lookup entirely, e.g.
>
> if (!SearchSysCacheExists1(AUTHOID, ObjectIdGetDatum(roleid)))
> ereport(ERROR,
> (errcode(ERRCODE_UNDEFINED_OBJECT),
> errmsg("role with OID %u does not exist", roleid)));
Agreed and done in the attached.
> 2. The new s2_check_orphans permutations all use named roles, which go
> through the RoleNameGetOid() (CSTRING) path. None exercise the
> CURRENT_USER/SESSION_USER else-branch that the recheck was added for.
> A permutation like "GRANT g TO CURRENT_USER" with a concurrent drop of the
> session's login
> role would cover that else branch and this would also exercise the path in
> point #1
Test added.
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
| Attachment | Content-Type | Size |
|---|---|---|
| v4-0001-Add-RoleNameGetOid-with-invalidation-based-retry-.patch | text/x-diff | 13.0 KB |
| v4-0002-Protect-role-resolution-in-roleSpecsToIds-against.patch | text/x-diff | 9.6 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | wenhui qiu | 2026-07-15 03:47:21 | Re: Report oldest xmin source when autovacuum cannot remove tuples |
| Previous Message | solai v | 2026-07-15 03:37:24 | Re: [PATCH] Cover get_json_table_plan() with tests |