Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit3d9a3ef

Browse files
committed
Fix intermittent self-test failures caused by the stats_ext test.
Commitd7f8d26 added new tests to the stats_ext regression test thatincluded creating a view in the public schema, without realising thatthe stats_ext test runs in the same parallel group as the rules test,which makes doing that unsafe.This led to intermittent failures of the rules test on the buildfarm,although I wasn't able to reproduce that locally. Fix by creating theview in a different schema.Tomas Vondra and Dean Rasheed, report and diagnosis by Thomas Munro.Discussion:https://postgr.es/m/CA+hUKGKX9hFZrYA7rQzAMRE07L4hziCc-nO_b3taJpiuKyLLxg@mail.gmail.com
1 parent87e9fae commit3d9a3ef

File tree

2 files changed

+44
-38
lines changed

2 files changed

+44
-38
lines changed

‎src/test/regress/expected/stats_ext.out‎

Lines changed: 23 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -752,59 +752,63 @@ SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_bool WHERE NOT a AND
752752
-- the underlying table.
753753
--
754754
-- Currently this is only relevant for MCV stats.
755-
CREATE TABLE priv_test_tbl (
755+
CREATE SCHEMA tststats;
756+
CREATE TABLE tststats.priv_test_tbl (
756757
a int,
757758
b int
758759
);
759-
INSERT INTO priv_test_tbl
760+
INSERT INTOtststats.priv_test_tbl
760761
SELECT mod(i,5), mod(i,10) FROM generate_series(1,100) s(i);
761-
CREATE STATISTICS priv_test_stats (mcv) ON a, b
762-
FROM priv_test_tbl;
763-
ANALYZE priv_test_tbl;
762+
CREATE STATISTICStststats.priv_test_stats (mcv) ON a, b
763+
FROMtststats.priv_test_tbl;
764+
ANALYZEtststats.priv_test_tbl;
764765
-- User with no access
765766
CREATE USER regress_stats_user1;
767+
GRANT USAGE ON SCHEMA tststats TO regress_stats_user1;
766768
SET SESSION AUTHORIZATION regress_stats_user1;
767-
SELECT * FROM priv_test_tbl; -- Permission denied
769+
SELECT * FROMtststats.priv_test_tbl; -- Permission denied
768770
ERROR: permission denied for table priv_test_tbl
769771
-- Attempt to gain access using a leaky operator
770772
CREATE FUNCTION op_leak(int, int) RETURNS bool
771773
AS 'BEGIN RAISE NOTICE ''op_leak => %, %'', $1, $2; RETURN $1 < $2; END'
772774
LANGUAGE plpgsql;
773775
CREATE OPERATOR <<< (procedure = op_leak, leftarg = int, rightarg = int,
774776
restrict = scalarltsel);
775-
SELECT * FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
777+
SELECT * FROMtststats.priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
776778
ERROR: permission denied for table priv_test_tbl
777-
DELETE FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
779+
DELETE FROMtststats.priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
778780
ERROR: permission denied for table priv_test_tbl
779781
-- Grant access via a security barrier view, but hide all data
780782
RESET SESSION AUTHORIZATION;
781-
CREATE VIEW priv_test_view WITH (security_barrier=true)
782-
AS SELECT * FROM priv_test_tbl WHERE false;
783-
GRANT SELECT, DELETE ON priv_test_view TO regress_stats_user1;
783+
CREATE VIEWtststats.priv_test_view WITH (security_barrier=true)
784+
AS SELECT * FROMtststats.priv_test_tbl WHERE false;
785+
GRANT SELECT, DELETE ONtststats.priv_test_view TO regress_stats_user1;
784786
-- Should now have access via the view, but see nothing and leak nothing
785787
SET SESSION AUTHORIZATION regress_stats_user1;
786-
SELECT * FROM priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
788+
SELECT * FROMtststats.priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
787789
a | b
788790
---+---
789791
(0 rows)
790792

791-
DELETE FROM priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
793+
DELETE FROMtststats.priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
792794
-- Grant table access, but hide all data with RLS
793795
RESET SESSION AUTHORIZATION;
794-
ALTER TABLE priv_test_tbl ENABLE ROW LEVEL SECURITY;
795-
GRANT SELECT, DELETE ON priv_test_tbl TO regress_stats_user1;
796+
ALTER TABLEtststats.priv_test_tbl ENABLE ROW LEVEL SECURITY;
797+
GRANT SELECT, DELETE ONtststats.priv_test_tbl TO regress_stats_user1;
796798
-- Should now have direct table access, but see nothing and leak nothing
797799
SET SESSION AUTHORIZATION regress_stats_user1;
798-
SELECT * FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
800+
SELECT * FROMtststats.priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
799801
a | b
800802
---+---
801803
(0 rows)
802804

803-
DELETE FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
805+
DELETE FROMtststats.priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
804806
-- Tidy up
805807
DROP OPERATOR <<< (int, int);
806808
DROP FUNCTION op_leak(int, int);
807809
RESET SESSION AUTHORIZATION;
808-
DROP VIEW priv_test_view;
809-
DROP TABLE priv_test_tbl;
810+
DROP SCHEMA tststats CASCADE;
811+
NOTICE: drop cascades to 2 other objects
812+
DETAIL: drop cascades to table tststats.priv_test_tbl
813+
drop cascades to view tststats.priv_test_view
810814
DROP USER regress_stats_user1;

‎src/test/regress/sql/stats_ext.sql‎

Lines changed: 21 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -493,58 +493,60 @@ SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_bool WHERE NOT a AND
493493
-- the underlying table.
494494
--
495495
-- Currently this is only relevant for MCV stats.
496-
CREATETABLEpriv_test_tbl (
496+
CREATESCHEMAtststats;
497+
498+
CREATETABLEtststats.priv_test_tbl (
497499
aint,
498500
bint
499501
);
500502

501-
INSERT INTO priv_test_tbl
503+
INSERT INTOtststats.priv_test_tbl
502504
SELECT mod(i,5), mod(i,10)FROM generate_series(1,100) s(i);
503505

504-
CREATE STATISTICS priv_test_stats (mcv)ON a, b
505-
FROM priv_test_tbl;
506+
CREATE STATISTICStststats.priv_test_stats (mcv)ON a, b
507+
FROMtststats.priv_test_tbl;
506508

507-
ANALYZE priv_test_tbl;
509+
ANALYZEtststats.priv_test_tbl;
508510

509511
-- User with no access
510512
CREATEUSERregress_stats_user1;
513+
GRANT USAGEON SCHEMA tststats TO regress_stats_user1;
511514
SET SESSION AUTHORIZATION regress_stats_user1;
512-
SELECT*FROM priv_test_tbl;-- Permission denied
515+
SELECT*FROMtststats.priv_test_tbl;-- Permission denied
513516

514517
-- Attempt to gain access using a leaky operator
515518
CREATEFUNCTIONop_leak(int,int) RETURNS bool
516519
AS'BEGIN RAISE NOTICE''op_leak => %, %'', $1, $2; RETURN $1 < $2; END'
517520
LANGUAGE plpgsql;
518521
CREATE OPERATOR<<< (procedure= op_leak, leftarg=int, rightarg=int,
519522
restrict= scalarltsel);
520-
SELECT*FROM priv_test_tblWHERE a<<<0AND b<<<0;-- Permission denied
521-
DELETEFROM priv_test_tblWHERE a<<<0AND b<<<0;-- Permission denied
523+
SELECT*FROMtststats.priv_test_tblWHERE a<<<0AND b<<<0;-- Permission denied
524+
DELETEFROMtststats.priv_test_tblWHERE a<<<0AND b<<<0;-- Permission denied
522525

523526
-- Grant access via a security barrier view, but hide all data
524527
RESET SESSION AUTHORIZATION;
525-
CREATEVIEWpriv_test_view WITH (security_barrier=true)
526-
ASSELECT*FROM priv_test_tblWHERE false;
527-
GRANTSELECT,DELETEON priv_test_view TO regress_stats_user1;
528+
CREATEVIEWtststats.priv_test_view WITH (security_barrier=true)
529+
ASSELECT*FROMtststats.priv_test_tblWHERE false;
530+
GRANTSELECT,DELETEONtststats.priv_test_view TO regress_stats_user1;
528531

529532
-- Should now have access via the view, but see nothing and leak nothing
530533
SET SESSION AUTHORIZATION regress_stats_user1;
531-
SELECT*FROM priv_test_viewWHERE a<<<0AND b<<<0;-- Should not leak
532-
DELETEFROM priv_test_viewWHERE a<<<0AND b<<<0;-- Should not leak
534+
SELECT*FROMtststats.priv_test_viewWHERE a<<<0AND b<<<0;-- Should not leak
535+
DELETEFROMtststats.priv_test_viewWHERE a<<<0AND b<<<0;-- Should not leak
533536

534537
-- Grant table access, but hide all data with RLS
535538
RESET SESSION AUTHORIZATION;
536-
ALTERTABLE priv_test_tbl ENABLE ROW LEVEL SECURITY;
537-
GRANTSELECT,DELETEON priv_test_tbl TO regress_stats_user1;
539+
ALTERTABLEtststats.priv_test_tbl ENABLE ROW LEVEL SECURITY;
540+
GRANTSELECT,DELETEONtststats.priv_test_tbl TO regress_stats_user1;
538541

539542
-- Should now have direct table access, but see nothing and leak nothing
540543
SET SESSION AUTHORIZATION regress_stats_user1;
541-
SELECT*FROM priv_test_tblWHERE a<<<0AND b<<<0;-- Should not leak
542-
DELETEFROM priv_test_tblWHERE a<<<0AND b<<<0;-- Should not leak
544+
SELECT*FROMtststats.priv_test_tblWHERE a<<<0AND b<<<0;-- Should not leak
545+
DELETEFROMtststats.priv_test_tblWHERE a<<<0AND b<<<0;-- Should not leak
543546

544547
-- Tidy up
545548
DROPOPERATOR<<< (int,int);
546549
DROPFUNCTION op_leak(int,int);
547550
RESET SESSION AUTHORIZATION;
548-
DROPVIEW priv_test_view;
549-
DROPTABLE priv_test_tbl;
551+
DROPSCHEMA tststats CASCADE;
550552
DROPUSER regress_stats_user1;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp