Thread: pgsql: Only try to push down foreign joins if the user mapping OIDs mat

From
Robert Haas
Date:
Only try to push down foreign joins if the user mapping OIDs match.

Previously, the foreign join pushdown infrastructure left the question
of security entirely up to individual FDWs, but it would be easy for
a foreign data wrapper to inadvertently open up subtle security holes
that way.  So, make it the core code's job to determine which user
mapping OID is relevant, and don't attempt join pushdown unless it's
the same for all relevant relations.

Per a suggestion from Tom Lane.  Shigeru Hanada and Ashutosh Bapat,
reviewed by Etsuro Fujita and KaiGai Kohei, with some further
changes by me.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/fbe5a3fb73102c2cfec11aaaa4a67943f4474383

Modified Files
--------------
src/backend/executor/execParallel.c     |  1 +
src/backend/foreign/foreign.c           | 74 +++++++++++++++++++++++++--------
src/backend/nodes/copyfuncs.c           |  1 +
src/backend/nodes/outfuncs.c            |  2 +
src/backend/nodes/readfuncs.c           |  1 +
src/backend/optimizer/plan/createplan.c |  9 ++++
src/backend/optimizer/plan/planner.c    |  2 +
src/backend/optimizer/util/relnode.c    | 36 +++++++++++++++-
src/backend/utils/cache/plancache.c     | 68 +++++++++++++++++++++++++++++-
src/include/foreign/foreign.h           |  1 +
src/include/nodes/plannodes.h           |  1 +
src/include/nodes/relation.h            |  2 +
src/include/utils/plancache.h           |  1 +
13 files changed, 179 insertions(+), 20 deletions(-)
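
The rule in the commit message above, as a simplified C model; this is an added example, not PostgreSQL source and not part of the thread. All struct and function names, OIDs and catalog rows are constructed for illustration; the lookup order (user-specific mapping, then PUBLIC) and the use of the view owner follow how PostgreSQL resolves user mappings, and refusing pushdown when no mapping exists is a choice of this sketch.

```c
#include <stdio.h>

typedef unsigned int Oid;
#define InvalidOid ((Oid) 0)

/* Constructed user-mapping catalog row; userid 0 stands for PUBLIC. */
typedef struct { Oid umid, userid, serverid; } UserMappingRow;
/* Foreign table in this model: its server and, if reached via a view, the view owner. */
typedef struct { Oid serverid, check_as_user; } ForeignRel;

static const UserMappingRow catalog[] = {   /* constructed sample data */
    {9001, 10, 500},    /* alice  -> server 500 */
    {9002, 0, 500},     /* PUBLIC -> server 500 */
    {9003, 0, 600},     /* PUBLIC -> server 600 */
};
#define NROWS (sizeof(catalog) / sizeof(catalog[0]))

/* Mapping OID for (user, server): user-specific row first, then PUBLIC. */
Oid lookup_umid(Oid userid, Oid serverid)
{
    Oid public_umid = InvalidOid;
    for (size_t i = 0; i < NROWS; i++) {
        if (catalog[i].serverid != serverid) continue;
        if (catalog[i].userid == userid) return catalog[i].umid;
        if (catalog[i].userid == InvalidOid) public_umid = catalog[i].umid;
    }
    return public_umid;
}

/* Effective user is the view owner when set, otherwise the session user. */
Oid rel_umid(const ForeignRel *rel, Oid session_user)
{
    Oid user = rel->check_as_user != InvalidOid ? rel->check_as_user : session_user;
    return lookup_umid(user, rel->serverid);
}

/* Shared mapping OID if the join may be offered to the FDW, else InvalidOid. */
Oid join_pushdown_umid(const ForeignRel *outer, const ForeignRel *inner, Oid session_user)
{
    Oid o = rel_umid(outer, session_user), i = rel_umid(inner, session_user);
    return (o != InvalidOid && o == i) ? o : InvalidOid;
}

int main(void)
{
    ForeignRel alice_view = {500, 10}, bob_view = {500, 20};   /* constructed */
    printf("pushdown umid: %u\n", join_pushdown_umid(&alice_view, &bob_view, 30));
    return 0;
}
```

The comparison is on the mapping OID, not the user: two different view owners who both fall back to the PUBLIC mapping still share one set of remote credentials, so the model allows the join, while a user-specific mapping on one side blocks it.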


Re: pgsql: Only try to push down foreign joins if the user mapping OIDs mat

From
Andres Freund
Date:
Hi,

On 2016-01-28 19:09:01 +0000, Robert Haas wrote:
> Only try to push down foreign joins if the user mapping OIDs match.
>
> Previously, the foreign join pushdown infrastructure left the question
> of security entirely up to individual FDWs, but it would be easy for
> a foreign data wrapper to inadvertently open up subtle security holes
> that way.  So, make it the core code's job to determine which user
> mapping OID is relevant, and don't attempt join pushdown unless it's
> the same for all relevant relations.
>
> Per a suggestion from Tom Lane.  Shigeru Hanada and Ashutosh Bapat,
> reviewed by Etsuro Fujita and KaiGai Kohei, with some further
> changes by me.

I noticed that this breaks some citus regression tests in a minor
manner. Namely previously file_fdw worked without a user mapping, now it
doesn't appear to anymore.

This is easy enough to fix, and it's perfectly ok for us to fix this,
but I do wonder if that's not going to cause trouble for others.

Andres