On Mon, 2025-10-13 at 17:21 -0400, Tom Lane wrote:
> I don't think so. Even AccessShareLock is enough to block another
> session trying to acquire AccessExclusiveLock, and then not only
> have you DoS'd that session, but everything else trying to access
> the table will queue up behind the AccessExclusiveLock request.
> So it's only not-a-problem if nothing anywhere in the system wants
> non-sharable locks.
I tried imagining how that could be a problem, but couldn't come up
with anything. If the privilege check is right after the lock, then
either:
(a) The malicious AccessShareLock is granted, then is quickly released
when the privilege check fails and the transaction aborts; or
(b) The malicious AccessShareLock is queued behind a legitimate
AccessExclusiveLock, in which case every other lock would be queued up
as well. As soon as the AccessExclusiveLock is released, the
AccessShareLock would be granted, but quickly released when the
privilege check fails.
For it to be a problem, the malicious lock needs to be strong enough to
conflict with a lock level weaker than itself, i.e. ShareLock or
stronger.
I'm not sure we save anything by being lazier for weaker lock levels,
so perhaps the point is irrelevant. But if I'm missing something,
please let me know.
Regards,
Jeff Davis
