| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jim Jones <jim(dot)jones(at)uni-muenster(dot)de> |
| Cc: | Soumya S Murali <soumyamurali(dot)work(at)gmail(dot)com>, Daniil Davydov <3danissimo(at)gmail(dot)com>, Stepan Neretin <slpmcf(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Fix bug with accessing to temporary tables of other sessions |
| Date: | 2026-03-23 13:44:06 |
| Message-ID: | 3529398.1774273446@sss.pgh.pa.us |
| Lists: | pgsql-hackers |

Jim Jones <jim(dot)jones(at)uni-muenster(dot)de> writes:
> This is a step forward in really isolating contents of temp tables from
> other sessions, but the more I think about it, the more I'm concerned
> with the current approach -- I spent some time investigating this
> problem a bit deeper last week.

Yeah. I think this entire approach is wrongheaded: we do not enforce
permissions checks against superusers. Moreover, if we try to fix it
at the permissions level, it seems nearly certain that there will be
bypass paths, simply because superusers bypass so many other checks.

The actual problem is that the buffer manager is incapable of dealing
with other sessions' temp tables, and we need to un-break the buffer
manager's defense for that implementation restriction. So I feel the
correct approach is something similar to what I described here:

https://www.postgresql.org/message-id/flat/2736425.1758475979%40sss.pgh.pa.us

I'm not wedded to that specific patch, but that is the implementation
level where the fix is needed.

regards, tom lane