Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit5576cbc

Browse files
committed
Fix intermittent self-test failures caused by the stats_ext test.
Commitd7f8d26 added new tests to the stats_ext regression test thatincluded creating a view in the public schema, without realising thatthe stats_ext test runs in the same parallel group as the rules test,which makes doing that unsafe.This led to intermittent failures of the rules test on the buildfarm,although I wasn't able to reproduce that locally. Fix by creating theview in a different schema.Tomas Vondra and Dean Rasheed, report and diagnosis by Thomas Munro.Discussion:https://postgr.es/m/CA+hUKGKX9hFZrYA7rQzAMRE07L4hziCc-nO_b3taJpiuKyLLxg@mail.gmail.com
1 parent1c6b62a commit5576cbc

File tree

2 files changed

+44
-38
lines changed

2 files changed

+44
-38
lines changed

‎src/test/regress/expected/stats_ext.out‎

Lines changed: 23 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -735,59 +735,63 @@ SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_bool WHERE NOT a AND
735735
-- the underlying table.
736736
--
737737
-- Currently this is only relevant for MCV stats.
738-
CREATE TABLE priv_test_tbl (
738+
CREATE SCHEMA tststats;
739+
CREATE TABLE tststats.priv_test_tbl (
739740
a int,
740741
b int
741742
);
742-
INSERT INTO priv_test_tbl
743+
INSERT INTOtststats.priv_test_tbl
743744
SELECT mod(i,5), mod(i,10) FROM generate_series(1,100) s(i);
744-
CREATE STATISTICS priv_test_stats (mcv) ON a, b
745-
FROM priv_test_tbl;
746-
ANALYZE priv_test_tbl;
745+
CREATE STATISTICStststats.priv_test_stats (mcv) ON a, b
746+
FROMtststats.priv_test_tbl;
747+
ANALYZEtststats.priv_test_tbl;
747748
-- User with no access
748749
CREATE USER regress_stats_user1;
750+
GRANT USAGE ON SCHEMA tststats TO regress_stats_user1;
749751
SET SESSION AUTHORIZATION regress_stats_user1;
750-
SELECT * FROM priv_test_tbl; -- Permission denied
752+
SELECT * FROMtststats.priv_test_tbl; -- Permission denied
751753
ERROR: permission denied for table priv_test_tbl
752754
-- Attempt to gain access using a leaky operator
753755
CREATE FUNCTION op_leak(int, int) RETURNS bool
754756
AS 'BEGIN RAISE NOTICE ''op_leak => %, %'', $1, $2; RETURN $1 < $2; END'
755757
LANGUAGE plpgsql;
756758
CREATE OPERATOR <<< (procedure = op_leak, leftarg = int, rightarg = int,
757759
restrict = scalarltsel);
758-
SELECT * FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
760+
SELECT * FROMtststats.priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
759761
ERROR: permission denied for table priv_test_tbl
760-
DELETE FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
762+
DELETE FROMtststats.priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
761763
ERROR: permission denied for table priv_test_tbl
762764
-- Grant access via a security barrier view, but hide all data
763765
RESET SESSION AUTHORIZATION;
764-
CREATE VIEW priv_test_view WITH (security_barrier=true)
765-
AS SELECT * FROM priv_test_tbl WHERE false;
766-
GRANT SELECT, DELETE ON priv_test_view TO regress_stats_user1;
766+
CREATE VIEWtststats.priv_test_view WITH (security_barrier=true)
767+
AS SELECT * FROMtststats.priv_test_tbl WHERE false;
768+
GRANT SELECT, DELETE ONtststats.priv_test_view TO regress_stats_user1;
767769
-- Should now have access via the view, but see nothing and leak nothing
768770
SET SESSION AUTHORIZATION regress_stats_user1;
769-
SELECT * FROM priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
771+
SELECT * FROMtststats.priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
770772
a | b
771773
---+---
772774
(0 rows)
773775

774-
DELETE FROM priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
776+
DELETE FROMtststats.priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
775777
-- Grant table access, but hide all data with RLS
776778
RESET SESSION AUTHORIZATION;
777-
ALTER TABLE priv_test_tbl ENABLE ROW LEVEL SECURITY;
778-
GRANT SELECT, DELETE ON priv_test_tbl TO regress_stats_user1;
779+
ALTER TABLEtststats.priv_test_tbl ENABLE ROW LEVEL SECURITY;
780+
GRANT SELECT, DELETE ONtststats.priv_test_tbl TO regress_stats_user1;
779781
-- Should now have direct table access, but see nothing and leak nothing
780782
SET SESSION AUTHORIZATION regress_stats_user1;
781-
SELECT * FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
783+
SELECT * FROMtststats.priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
782784
a | b
783785
---+---
784786
(0 rows)
785787

786-
DELETE FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
788+
DELETE FROMtststats.priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
787789
-- Tidy up
788790
DROP OPERATOR <<< (int, int);
789791
DROP FUNCTION op_leak(int, int);
790792
RESET SESSION AUTHORIZATION;
791-
DROP VIEW priv_test_view;
792-
DROP TABLE priv_test_tbl;
793+
DROP SCHEMA tststats CASCADE;
794+
NOTICE: drop cascades to 2 other objects
795+
DETAIL: drop cascades to table tststats.priv_test_tbl
796+
drop cascades to view tststats.priv_test_view
793797
DROP USER regress_stats_user1;

‎src/test/regress/sql/stats_ext.sql‎

Lines changed: 21 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -483,58 +483,60 @@ SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_bool WHERE NOT a AND
483483
-- the underlying table.
484484
--
485485
-- Currently this is only relevant for MCV stats.
486-
CREATETABLEpriv_test_tbl (
486+
CREATESCHEMAtststats;
487+
488+
CREATETABLEtststats.priv_test_tbl (
487489
aint,
488490
bint
489491
);
490492

491-
INSERT INTO priv_test_tbl
493+
INSERT INTOtststats.priv_test_tbl
492494
SELECT mod(i,5), mod(i,10)FROM generate_series(1,100) s(i);
493495

494-
CREATE STATISTICS priv_test_stats (mcv)ON a, b
495-
FROM priv_test_tbl;
496+
CREATE STATISTICStststats.priv_test_stats (mcv)ON a, b
497+
FROMtststats.priv_test_tbl;
496498

497-
ANALYZE priv_test_tbl;
499+
ANALYZEtststats.priv_test_tbl;
498500

499501
-- User with no access
500502
CREATEUSERregress_stats_user1;
503+
GRANT USAGEON SCHEMA tststats TO regress_stats_user1;
501504
SET SESSION AUTHORIZATION regress_stats_user1;
502-
SELECT*FROM priv_test_tbl;-- Permission denied
505+
SELECT*FROMtststats.priv_test_tbl;-- Permission denied
503506

504507
-- Attempt to gain access using a leaky operator
505508
CREATEFUNCTIONop_leak(int,int) RETURNS bool
506509
AS'BEGIN RAISE NOTICE''op_leak => %, %'', $1, $2; RETURN $1 < $2; END'
507510
LANGUAGE plpgsql;
508511
CREATE OPERATOR<<< (procedure= op_leak, leftarg=int, rightarg=int,
509512
restrict= scalarltsel);
510-
SELECT*FROM priv_test_tblWHERE a<<<0AND b<<<0;-- Permission denied
511-
DELETEFROM priv_test_tblWHERE a<<<0AND b<<<0;-- Permission denied
513+
SELECT*FROMtststats.priv_test_tblWHERE a<<<0AND b<<<0;-- Permission denied
514+
DELETEFROMtststats.priv_test_tblWHERE a<<<0AND b<<<0;-- Permission denied
512515

513516
-- Grant access via a security barrier view, but hide all data
514517
RESET SESSION AUTHORIZATION;
515-
CREATEVIEWpriv_test_view WITH (security_barrier=true)
516-
ASSELECT*FROM priv_test_tblWHERE false;
517-
GRANTSELECT,DELETEON priv_test_view TO regress_stats_user1;
518+
CREATEVIEWtststats.priv_test_view WITH (security_barrier=true)
519+
ASSELECT*FROMtststats.priv_test_tblWHERE false;
520+
GRANTSELECT,DELETEONtststats.priv_test_view TO regress_stats_user1;
518521

519522
-- Should now have access via the view, but see nothing and leak nothing
520523
SET SESSION AUTHORIZATION regress_stats_user1;
521-
SELECT*FROM priv_test_viewWHERE a<<<0AND b<<<0;-- Should not leak
522-
DELETEFROM priv_test_viewWHERE a<<<0AND b<<<0;-- Should not leak
524+
SELECT*FROMtststats.priv_test_viewWHERE a<<<0AND b<<<0;-- Should not leak
525+
DELETEFROMtststats.priv_test_viewWHERE a<<<0AND b<<<0;-- Should not leak
523526

524527
-- Grant table access, but hide all data with RLS
525528
RESET SESSION AUTHORIZATION;
526-
ALTERTABLE priv_test_tbl ENABLE ROW LEVEL SECURITY;
527-
GRANTSELECT,DELETEON priv_test_tbl TO regress_stats_user1;
529+
ALTERTABLEtststats.priv_test_tbl ENABLE ROW LEVEL SECURITY;
530+
GRANTSELECT,DELETEONtststats.priv_test_tbl TO regress_stats_user1;
528531

529532
-- Should now have direct table access, but see nothing and leak nothing
530533
SET SESSION AUTHORIZATION regress_stats_user1;
531-
SELECT*FROM priv_test_tblWHERE a<<<0AND b<<<0;-- Should not leak
532-
DELETEFROM priv_test_tblWHERE a<<<0AND b<<<0;-- Should not leak
534+
SELECT*FROMtststats.priv_test_tblWHERE a<<<0AND b<<<0;-- Should not leak
535+
DELETEFROMtststats.priv_test_tblWHERE a<<<0AND b<<<0;-- Should not leak
533536

534537
-- Tidy up
535538
DROPOPERATOR<<< (int,int);
536539
DROPFUNCTION op_leak(int,int);
537540
RESET SESSION AUTHORIZATION;
538-
DROPVIEW priv_test_view;
539-
DROPTABLE priv_test_tbl;
541+
DROPSCHEMA tststats CASCADE;
540542
DROPUSER regress_stats_user1;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp