| From: | Soumya S Murali <soumyamurali(dot)work(at)gmail(dot)com> |
|---|---|
| To: | Daniil Davydov <3danissimo(at)gmail(dot)com> |
| Cc: | Jim Jones <jim(dot)jones(at)uni-muenster(dot)de>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stepan Neretin <slpmcf(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Fix bug with accessing to temporary tables of other sessions |
| Date: | 2026-04-13 12:40:09 |
| Message-ID: | CAMtXxw_hBNuAWQUdSRMpoeRVRYr+5+S7p0bSzuqtHxfpzJPd3w@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi all,
On Fri, Apr 10, 2026 at 12:40 PM Daniil Davydov <3danissimo(at)gmail(dot)com> wrote:
>
> Hi,
>
> On Fri, Apr 10, 2026 at 12:46 AM Jim Jones <jim(dot)jones(at)uni-muenster(dot)de> wrote:
> >
> > I guess a check in read_stream_begin_relation()
> > and in StartReadBuffersImpl() would be the best solution? If you agree,
> > could you add it in v16?
>
> Having both checks might look a bit redundant since the read stream will
> eventually call the StartReadBuffersImpl function. On the other hand, there are
> many places which are checking this restriction even if subsequent functions
> (from bufmgr) also have this check.
>
> So, I'll keep both checks and a bit reduce the comments in the bufmgr.c .
>
> BTW, what do you think about making this comment less "concrete"? :
> # SELECT via index scan from other session.
> # Sequential scans are blocked at read_stream_begin_relation(); index scans
> # bypass that path entirely and reach ReadBufferExtended() in bufmgr.c
> # (nbtree's _bt_getbuf calls ReadBuffer directly for individual page fetches).
> # enable_seqscan=off forces the planner to use the index.
>
> I mean that if the described logic changes, this comment will become confusing.
> We can describe the test in general words. For example :
> # Index scans can use a different code path from the one sequential scans are
> # following. Make sure that we cannot access other sessions' temp tables during
> # index scan either.
>
>
> Thank you for the comments! Please, see an updated set of patches.
>
I tested the v16 patch on a clean tree and verified the behavior
across multiple execution paths. Same-session access to temporary
tables works as expected. Cross-session access is consistently
blocked; all attempts result in an error - "relation does not exist"
and no incorrect or empty result sets were observed. In many cases,
access is blocked earlier with “relation does not exist”, while the
patch ensures that deeper execution paths are also protected. Verified
both sequential and index scan paths (after disabling seqscan), and
access is correctly rejected in all the cases. Tested various query
forms including SELECT, COUNT(*), JOINs, subqueries, DML operations,
and EXPLAIN ANALYZE none allowed access to other sessions’ temporary
tables. pg_relation_size() returns metadata as expected and does not
expose incorrect data.
Please let me know if there are additional scenarios I should
validate. Looking forward to more feedback.
Regards,
Soumya
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ayush Tiwari | 2026-04-13 12:53:35 | Re: [PATCH] Fix NULL dereference in pg_get_database_ddl() |
| Previous Message | Soumya S Murali | 2026-04-13 12:36:03 | Re: Fix bug with accessing to temporary tables of other sessions |