Jim Jones <[email protected]> writes: > This is a step forward in really isolating contents of temp tables from > other sessions, but the more I think about it, the more I'm concerned > with the current approach -- I spent some time investigating this > problem a bit deeper last week.
Yeah. I think this entire approach is wrongheaded: we do not enforce permissions checks against superusers. Moreover, if we try to fix it at the permissions level, it seems nearly certain that there will be bypass paths, simply because superusers bypass so many other checks. The actual problem is that the buffer manager is incapable of dealing with other sessions' temp tables, and we need to un-break the buffer manager's defense for that implementation restriction. So I feel the correct approach is something similar to what I described here: https://www.postgresql.org/message-id/flat/2736425.1758475979%40sss.pgh.pa.us I'm not wedded to that specific patch, but that is the implementation level where the fix is needed. regards, tom lane
