Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: GRANT mistakenly allowed on system.lease, causing deadlocks #43842

Closed
Cynthia-Lee97 opened this issue Jan 9, 2020 · 1 comment · Fixed by #61410
Closed

sql: GRANT mistakenly allowed on system.lease, causing deadlocks #43842

Cynthia-Lee97 opened this issue Jan 9, 2020 · 1 comment · Fixed by #61410
Assignees
@RichardJCai
Labels
A-schema-descriptors Relating to SQL table/db descriptor handling. C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.

Comments

@Cynthia-Lee97
Copy link

Cynthia-Lee97 commented Jan 9, 2020
edited
Loading

Describe the problem
We all know that there are many system tables in the database.But I've found that programs get stuck when I try to grant to certain system tables

To Reproduce
Start the database and enter the statement:
GRANT GRANT, SELECT, INSERT, DELETE, UPDATE on system.lease to testuser
If possible, provide steps to reproduce the behavior:

  1. Set up CockroachDB cluster
  2. Send SQL statement: GRANT GRANT, SELECT, INSERT, DELETE, UPDATE on system.lease to testuser
  3. We'll find that the system is stuck

Expected behavior
Returns a sign of success or failure in empowerment

Environment:
•CockroachDB version [19.2.0]
•Server OS: [Linux]
•Client app [cockroach sql]
@Cynthia-Lee97 Cynthia-Lee97 changed the title Bug Bug Of System Tables' Grant Jan 9, 2020
@knz knz added C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. A-schema-descriptors Relating to SQL table/db descriptor handling. labels Apr 17, 2020
@knz
Copy link
Contributor

knz commented Apr 17, 2020
edited
Loading

GRANT on system.leases will try to bump its version number, which will cause a deadlock.

@lucy-zhang @ajwerner I propose to simply reject any use of GRANT/REVOKE on system tables. If there's a need to delegate responsibility, this should come via membership on the admin role. WDYT?

@knz knz changed the title Bug Of System Tables' Grant sql: GRANT mistakenly allowed on system.lease, causing deadlocks Apr 17, 2020
rohany added a commit to rohany/cockroach that referenced this issue Aug 31, 2020
@rohany
sql: disallow GRANT/REVOKE on system tables
a28ae5a 
Fixes cockroachdb#43842.

Disallow GRANT/REVOKE operations on system objects to avoid potential
deadlocks related to version bumps.

Release justification: bug fix
Release note (sql change): Disallow `GRANT/REVOKE` operations on system
tables.
Release note (bug fix): Fix a bug where `GRANT/REVOKE` on the
`system.lease` table would result in a deadlock.
@rohany rohany mentioned this issue Aug 31, 2020
Closed
@RichardJCai RichardJCai self-assigned this Mar 3, 2021
@RichardJCai RichardJCai mentioned this issue Mar 3, 2021
Merged
@craig craig bot closed this as completed in 0cea9dc Mar 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RichardJCai RichardJCai

Labels
A-schema-descriptors Relating to SQL table/db descriptor handling. C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.
Projects
None yet
Milestone
No milestone
3 participants
@knz @RichardJCai @Cynthia-Lee97