Re: Prevent writes on large objects in read-only transactions - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Prevent writes on large objects in read-only transactions
Date
Msg-id YpfreiZUuW2zrkxj@paquier.xyz
Whole thread Raw
In response to Re: Prevent writes on large objects in read-only transactions  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Prevent writes on large objects in read-only transactions
List pgsql-hackers
On Wed, Jun 01, 2022 at 10:15:17AM -0400, Tom Lane wrote:
> It's always appropriate to consider backwards compatibility, and we
> frequently don't back-patch a change because of worries about that.
> However, if someone complains because we start rejecting this as of
> v15 or v16, I don't think they have good grounds for that.  It's just
> obviously wrong ... unless someone can come up with a plausible
> definition of read-only-ness that excludes large objects.  I don't
> say that that's impossible, but it sure seems like it'd be contorted
> reasoning.  They're definitely inside-the-database entities.

FWIW, I find the removal of error paths to authorize new behaviors
easy to think about in terms of compatibility, because nobody is going
to complain about that as long as it works as intended.  The opposite,
aka enforcing an error in a code path is much harder to reason about.
Anyway, if I am outnumbered on this one that's fine by me :)

There are a couple of things in the original patch that may require to
be adjusted though:
1) Should we complain in lo_open() when using the write mode for a
read-only transaction?  My answer to that would be yes.
2) We still publish two non-fmgr-callable routines, lo_read() and
lo_write().  Perhaps we'd better make them static to be-fsstubs.c or
put the same restriction to the write routine as its SQL flavor?
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Nathan Bossart
Date:
Subject: Re: silence compiler warning in brin.c
Next
From: Michael Paquier
Date:
Subject: Re: Allowing REINDEX to have an optional name