diff options
| author | Michael Paquier <michael@paquier.xyz> | 2019-12-27 17:59:32 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2019-12-27 17:59:32 +0900 |
| commit | 12cb5478a2a451fd291a535b8b1b387b3a81914a (patch) | |
| tree | 32ae9dcc6f326613926cc35943828135a42dd7ac /src | |
| parent | 893eaf0be8be32f1d6ee364d5d9e2dae0d87ebfd (diff) | |
Forbid DROP SCHEMA on temporary namespaces
This operation was possible for the owner of the schema or a superuser.
Down to 9.4, doing this operation would cause inconsistencies in a
session whose temporary schema was dropped, particularly if trying to
create new temporary objects after the drop. A more annoying
consequence is a crash of autovacuum on an assertion failure when
logging information about an orphaned temp table dropped. Note that
because of 246a6c8 (present in v11~), which has made the removal of
orphaned temporary tables more aggressive, the failure could be
triggered more easily, but it is possible to reproduce down to 9.4.
Reported-by: Mahendra Singh, Prabhat Sahu
Author: Michael Paquier
Reviewed-by: Kyotaro Horiguchi, Mahendra Singh
Discussion: https://postgr.es/m/CAKYtNAr9Zq=1-ww4etHo-VCC-k120YxZy5OS01VkaLPaDbv2tg@mail.gmail.com
Backpatch-through: 9.4
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/commands/dropcmds.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/backend/commands/dropcmds.c b/src/backend/commands/dropcmds.c index f04f4f5f31e..b936d6af6ce 100644 --- a/src/backend/commands/dropcmds.c +++ b/src/backend/commands/dropcmds.c @@ -26,6 +26,7 @@ #include "nodes/makefuncs.h" #include "parser/parse_type.h" #include "utils/builtins.h" +#include "utils/lsyscache.h" #include "utils/syscache.h" @@ -116,6 +117,21 @@ RemoveObjects(DropStmt *stmt) ReleaseSysCache(tup); } + /* + * Prevent the drop of a temporary schema, be it owned by the current + * session or another backend as this would mess up with the callback + * registered to clean up temporary objects at the end of a session. + * Note also that the creation of any follow-up temporary object would + * result in inconsistencies within the session whose temporary schema + * has been dropped. + */ + if (stmt->removeType == OBJECT_SCHEMA && + isAnyTempNamespace(address.objectId)) + ereport(ERROR, + (errcode(ERRCODE_WRONG_OBJECT_TYPE), + errmsg("cannot drop temporary schema \"%s\"", + get_namespace_name(address.objectId)))); + /* Check permissions. */ namespaceId = get_object_namespace(&address); if (!OidIsValid(namespaceId) || |