On Tue, May 12, 2009 at 12:10, Alex Hunsaker <badalex@gmail.com> wrote:
> On Mon, May 11, 2009 at 21:18, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
>> However, he can do that anyway via ALTER TABLE, which
>> will happily take out AccessExclusiveLock before it checks any
>> permissions. So I'm not seeing the point of risking unsafe behavior
>> in LOCK TABLE.
>
> I would rather fix ALTER TABLE to do something similar to test and
> test-and-set... From a quick look TRUNCATE also seems to be prone to
> this.
Arg ok so TRUNCATE was a bad example because it checks ACL_TRUNCATE.
Hrm on second thought I think your right. They only get the lock
until the permission check, and I have a hard time seeing how someone
can take real advantage of that. The owner that is trying to lock
table should get the lock almost immediately even if there are say a
few hundred non-owner clients trying to lock it. So +1 for fixing
the LOCK TABLE.
Is ALTER TABLE RENAME at risk at well? It calls
CheckRelationOwnership before it grabs an AccessExclusiveLock.
