Re: Add SPLIT PARTITION/MERGE PARTITIONS commands

Dmitry Koval <d.koval@postgrespro.ru>

From: Dmitry Koval <d.koval@postgrespro.ru>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Alexander Korotkov <aekorotkov@gmail.com>, pgsql-hackers@lists.postgresql.org
Date: 2024-08-30T08:43:10Z
Lists: pgsql-hackers

Attachments

Hi!

I plan to prepare fixes for issues from email [1] as separate commits 
(for better code readability). Attachment in this email is a variant of 
fix for the issue:

 > 1. Function createPartitionTable() should be rewritten using
 > partitioned table OID (not name) and without using ProcessUtility().

Patch "Refactor createPartitionTable to remove ProcessUtility call" 
contains code changes + test (see file 
v33-0003-Refactor-createPartitionTable-to-remove-ProcessU.patch).

But I'm not sure that refactoring createPartitionTable is the best 
solution. PostgreSQL code has issue CVE-2014-0062 (commit 5f17304) - see 
relation_openrv() call in expandTableLikeClause() function [2] (opening 
relation by name after we got relation Oid).
Example for reproduce relation_openrv() call:

CREATE TABLE t (b bigint, i int DEFAULT 100);
CREATE TABLE t1 (LIKE t_bigint INCLUDING ALL);

Commit 04158e7fa3 [3] (by Alexander Korotkov) might be a good fix for 
this issue. But if we keep commit 04158e7fa3, do we need to refactor the 
createPartitionTable function (for removing ProcessUtility)?
Perhaps the existing code
1) v33-0002-Implement-ALTER-TABLE-.-SPLIT-PARTITION-.-comman.patch
2) v33-0003-Refactor-createPartitionTable-to-remove-ProcessU.patch +
with patch 04158e7fa3 will look better.


I would be very grateful for comments and suggestions.

Links.
[1] 
https://www.postgresql.org/message-id/859476bf-3cb0-455e-b093-b8ab5ef17f0e%40postgrespro.ru
[2] 
https://github.com/postgres/postgres/blob/c39afc38cfec7c34b883095062a89a63b221521a/src/backend/parser/parse_utilcmd.c#L1171
[3] 
https://github.com/postgres/postgres/commit/04158e7fa37c2dda9c3421ca922d02807b86df19

-- 
With best regards,
Dmitry Koval

Postgres Professional: http://postgrespro.com