Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1v8QoM-000VRF-5u
	for pgsql-hackers@arkaria.postgresql.org; Mon, 13 Oct 2025 22:14:34 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1v8QoI-008n03-S8
	for pgsql-hackers@arkaria.postgresql.org; Mon, 13 Oct 2025 22:14:31 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql@j-davis.com>)
	id 1v8QoI-008mzu-ER
	for pgsql-hackers@lists.postgresql.org; Mon, 13 Oct 2025 22:14:31 +0000
Received: from mail-pf1-x430.google.com ([2607:f8b0:4864:20::430])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <pgsql@j-davis.com>)
	id 1v8QlZ-001bPL-1n
	for pgsql-hackers@postgresql.org;
	Mon, 13 Oct 2025 22:14:30 +0000
Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-7833765433cso6100260b3a.0
        for <pgsql-hackers@postgresql.org>; Mon, 13 Oct 2025 15:11:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=j-davis-com.20230601.gappssmtp.com; s=20230601; t=1760393500; x=1760998300; darn=postgresql.org;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject
         :date:message-id:reply-to;
        bh=k43wrHGCbEwS8NcdazaEE/eq1RdnzXKGS8G7jNDeu6Y=;
        b=DDtq7tSEEzfluXE9bUiqJrD+rr2zeWY8Ug07jzF9wZlgubmwhVgcmblhnzaPEo7dAV
         zIGwIPVezOHUqL0/5LrOBnBeU4dMlUfBv7cuhG3CJQYK05nUfReDB8yekp6J3NLjdRES
         gGGxGOO/yfteWLryuIae3TrvBoCOu2r5j3zI0652TQYa7rUNpyplZEJ16B6Cb2LuEUns
         eZBuGjabt7QEdHiUpydDb7GZ82bmOSCPDKEk1lJOsuv6Pvc3CvAsLBXGaUN9tFfz6TJ2
         ZH/9cNhQehxgS9Wg9Q/EYCecdwiq/l/kdE6xW1R4eJ8gln7v6lMRjCkgV7eXGOGY9tXF
         rRxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760393500; x=1760998300;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=k43wrHGCbEwS8NcdazaEE/eq1RdnzXKGS8G7jNDeu6Y=;
        b=cOuSu1Bc8SYLIf3a5tD2JwvnKBQPURTeknVsuGWmy9tlpbKymXRNYtRk/xY/tYhnyg
         ePhC4ygkrq6ksgmWbhJkFMufYlKsoOaonuagfvC4eIKKHV0DbMPPyEx+soEBmKVItdrj
         g8vHs53HPlOuKDGcQAUBNenlF37SFCqvjdZmiq50bm3XaDK/Pj/lUEKheXw8Dk6Z60Uu
         AdyhvurkaCycspHyX9yh+6d4YwvI5getvBqCHwmgurCSyhhnUzYFJaiH3m1WXIuKzwj3
         jpVzQE/KUP7LNhk0cFgywlaKHnCP+9YPhFqxx6AaRunChpgCzA9IjENaE49zb/e38H95
         Bdzg==
X-Forwarded-Encrypted: i=1; AJvYcCWpHRV2f7s8cR/UGKz8NGiP2HrQweQc1tmKwiMNNlIxg6++kmDL9G4dIdg9MrXGyDsvNCvWXRPHtYLurtMI@postgresql.org
X-Gm-Message-State: AOJu0YyvEafeCbAIhZi26ZJgdokbXbrOhXLPYJJX8sCsUI+xhTX7wYE5
	UoL+KSj4KKsm5X5BzvKYPTW9FGe9lU6tmWywdJXmA/CmPOYNHEqWPYlHHikRGDLsqQ==
X-Gm-Gg: ASbGnct6FwctrM//FWpKC/Np65yNlB9sMbdtDSijJfOSB8O/YHVnOTj1oRL91IDFgb0
	WZn9n4NfII9RZD3jbMccZlRN5Ut82qMchu1BcHE2Z2m/TUnVAQHAYrwhNEzCNDGa2x3AEwVqlyy
	cAUi+BWs1nw4f77YhN20m6+QZimmsGFzoaywattV8Onrjre0SEu78aMOONpIAJc0VNBN74qjw36
	x1QT992QcfISuajAge7pN3raWEQ/nU9f60he5DAJy29VbDSmaQM9CgkCHmc5JhcYA8drChqTKeO
	b44BjIkjq2gw5Qxaxz+9/xZW/5vyvOAPsjHwYlNEXINIWHKl9r9cOGBcxUVDSGn/m/8uuqpDsQJ
	QGkKGgkHuK8qElkPuwABg/429z4QcPvM8eBwtZ4WtFVc6OTBejOpyVLEt3IcjvY1TzmygBZa2dA
	==
X-Google-Smtp-Source: AGHT+IFJ1vqvKII0W7llkj16ZSNktlefcp43DDdQL3PgqEh/3X/qMkzB1d7yZz2Wi9SiiW0/tdJugQ==
X-Received: by 2002:a05:6a20:7493:b0:320:3da8:34d7 with SMTP id adf61e73a8af0-32da813b89emr28807051637.22.1760393499753;
        Mon, 13 Oct 2025 15:11:39 -0700 (PDT)
Received: from jeff-ws-bridge.lan (c-24-7-19-3.hsd1.ca.comcast.net. [24.7.19.3])
        by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7992d09659esm12945748b3a.45.2025.10.13.15.11.38
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 13 Oct 2025 15:11:39 -0700 (PDT)
Message-ID: <4f09548534fa28ee311bc158470496095251fda1.camel@j-davis.com>
Subject: Re: Clarification on Role Access Rights to Table Indexes
From: Jeff Davis <pgsql@j-davis.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Nathan Bossart <nathandbossart@gmail.com>, Ayush Vatsa
 <ayushvatsa1810@gmail.com>, Robert Haas <robertmhaas@gmail.com>, "David G.
 Johnston" <david.g.johnston@gmail.com>, PostgreSQL Hackers
 <pgsql-hackers@postgresql.org>
Date: Mon, 13 Oct 2025 15:11:38 -0700
In-Reply-To: <718744.1760390467@sss.pgh.pa.us>
References: 
	<CACX+KaNAbOzePn710EtzH9F5xiUdBC+u59=UMab=Wr8jgDKQtw@mail.gmail.com>
	 <Z8dcGMMP3-D5dobY@nathan>
	 <CACX+KaO4R9QDxbPSxSB0jNXFsqA6Jf=UPS+tyUvT_YvuP_grVA@mail.gmail.com>
	 <Z8yxsm9ZWVkHlPbV@nathan>
	 <CACX+KaP+6U9jf=GT4wpR7TvRvSMtTAhz=vP2Zr+ZdUFVZzqNsA@mail.gmail.com>
	 <Z8y9RTT-vU6oVI_Y@nathan> <149429.1741472260@sss.pgh.pa.us>
	 <Z8zwVmGzXyDdkAXj@nathan> <279947.1741535285@sss.pgh.pa.us>
	 <Z88CB-vDehJ9rW8u@nathan> <aNQVIVKarUipPcnW@nathan>
	 <3432170.1758730414@sss.pgh.pa.us>
	 <67e077fcfe474ce7c56d36492d89c150768271e1.camel@j-davis.com>
	 <718744.1760390467@sss.pgh.pa.us>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.52.3-0ubuntu1 
MIME-Version: 1.0
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/4f09548534fa28ee311bc158470496095251fda1.camel%40j-davis.com>
Precedence: bulk

On Mon, 2025-10-13 at 17:21 -0400, Tom Lane wrote:
> I don't think so.=C2=A0 Even AccessShareLock is enough to block another
> session trying to acquire AccessExclusiveLock, and then not only
> have you DoS'd that session, but everything else trying to access
> the table will queue up behind the AccessExclusiveLock request.
> So it's only not-a-problem if nothing anywhere in the system wants
> non-sharable locks.

I tried imagining how that could be a problem, but couldn't come up
with anything. If the privilege check is right after the lock, then
either:

(a) The malicious AccessShareLock is granted, then is quickly released
when the privilege check fails and the transaction aborts; or

(b) The malicious AccessShareLock is queued behind a legitimate
AccessExclusiveLock, in which case every other lock would be queued up
as well. As soon as the AccessExclusiveLock is released, the
AccessShareLock would be granted, but quickly released when the
privilege check fails.

For it to be a problem, the malicious lock needs to be strong enough to
conflict with a lock level weaker than itself, i.e. ShareLock or
stronger.

I'm not sure we save anything by being lazier for weaker lock levels,
so perhaps the point is irrelevant. But if I'm missing something,
please let me know.

Regards,
	Jeff Davis