| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Greg Stark <stark(at)mit(dot)edu>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Quirk of pg_temp schemas ... |
| Date: | 2021-08-11 00:35:21 |
| Message-ID: | YRMbSbMT/hdFXnYw@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Aug 10, 2021 at 11:30:35AM -0400, Tom Lane wrote:
> Greg Stark <stark(at)mit(dot)edu> writes:
>> While fixing up a patch I had dealing with temporary tables I noticed
>> a bit of a quirk with pg_temp schemas. Namely that we have no actual
>> meta data marking them as temporary aside from their names. And we
>> don't do anything to protect that -- superuser can happily issue ALTER
>> SCHEMA RENAME to rename it to a name that doesn't match pg_temp*.
The fun does not stop here. Here is one: drop the existing temporary
schema as superuser, keep the connection that dropped it opened, and
play with various temporary objects, even types or functions.
> This seems to me to be not very different from the 1001 other ways that
> a superuser can break a database. If *non* superusers could rename
> those schemas then I'd agree there's a problem to be solved.
If non-superusers could do anything that change what's stored in
pg_namespace and make things inconsistent with the backend-specific
state stored in memory, we are in trouble.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2021-08-11 00:37:28 | Re: Next Steps with Hash Indexes |
| Previous Message | Michael Paquier | 2021-08-11 00:29:23 | Re: ECPG bug fix: DECALRE STATEMENT and DEALLOCATE, DESCRIBE |