Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack

Michael Paquier <michael@paquier.xyz>

From: Michael Paquier <michael@paquier.xyz>
To: "Bossart, Nathan" <bossartn@amazon.com>
Cc: Andres Freund <andres@anarazel.de>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, Robert Haas <robertmhaas@gmail.com>, "Schneider, Jeremy" <schnjere@amazon.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, "Albin, Lloyd P" <lalbin@scharp.org>
Date: 2018-07-26T20:41:27Z
Lists: pgsql-bugs, pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Improve VACUUM and ANALYZE by avoiding early lock queue

  2. Improve TRUNCATE by avoiding early lock queue

  3. Restrict access to reindex of shared catalogs for non-privileged users

  4. Improve behavior of concurrent CLUSTER.

On Thu, Jul 26, 2018 at 03:06:59PM +0000, Bossart, Nathan wrote:
> I took a look at 0001.

Thanks for the lookup.  0003 is the most simple in the set by the way.

> On 7/26/18, 12:24 AM, "Michael Paquier" <michael@paquier.xyz> wrote:
> -	myrelid = RelationGetRelid(rel);
> +	myrelid = RangeVarGetRelidExtended(rv, AccessExclusiveLock,
> +	    false, RangeVarCallbackForTruncate, NULL);
> 
> Should the flags argument be 0 instead of false?

Yes, those should be 0.  All patches are missing that.  It does not have
a bad consequence on the patch, still that's incorrect.
--
Michael