Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: "Bossart, Nathan" <bossartn@amazon.com>
Cc: Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp>, "andres@anarazel.de" <andres@anarazel.de>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, "robertmhaas@gmail.com" <robertmhaas@gmail.com>, "Schneider, Jeremy" <schnjere@amazon.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>, "lalbin@scharp.org" <lalbin@scharp.org>
Date: 2018-08-29T01:34:41Z
Lists: pgsql-bugs, pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Improve VACUUM and ANALYZE by avoiding early lock queue
- a556549d7e6d 12.0 landed
-
Improve TRUNCATE by avoiding early lock queue
- f841ceb26d70 12.0 landed
-
Restrict access to reindex of shared catalogs for non-privileged users
- 87330e21c327 11.0 landed
- 661dd23950f2 12.0 landed
-
Improve behavior of concurrent CLUSTER.
- cbe24a6dd8fb 9.2.0 cited
Hi all, Here is a summary of what has happened since this thread has been created. Three problems reported on this thread have been solved and resulted in different commits for early lock lookups: - VACUUM FULL, patched on 12~: https://www.postgresql.org/message-id/20180812222142.GA6097@paquier.xyz Commit a556549: Improve VACUUM and ANALYZE by avoiding early lock queue - TRUNCATE, patched on 12~: https://www.postgresql.org/message-id/20180806165816.GA19883@paquier.xyz Commit f841ceb: Improve TRUNCATE by avoiding early lock queue - REINDEX, patched on 11~: https://www.postgresql.org/message-id/20180805211059.GA2185@paquier.xyz Commit 661dd23: Restrict access to reindex of shared catalogs for non-privileged users Please note that I have been very conservative with the different fixes as v11 is getting very close to release. The patch for REINDEX is a behavior change which will not get further down anyway. It would still be nice to get a second lookup at the code and look if there are other suspicious calls of relation_open or such which could allow non-privileged users to pile up locks and cause more DOS problems. Thanks, -- Michael