From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | "Andrey M(dot) Borodin" <x4mmm(at)yandex-team(dot)ru> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Daniil Davydov <3danissimo(at)gmail(dot)com>, Rafia Sabih <rafia(dot)pghackers(at)gmail(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Forbid to DROP temp tables of other sessions |
Date: | 2025-03-17 06:52:31 |
Message-ID: | CAKFQuwa2R=gp6VxJbQRLtD2+b84KkhRRY8pZ=Wxh60gViEpUrg@mail.gmail.com |
Lists: | pgsql-hackers |
On Saturday, November 23, 2024, Andrey M. Borodin <x4mmm(at)yandex-team(dot)ru>
wrote:
>
>
> It seems that protection of temp tables should belong to ACL stuff. And in
> a logic of this subsystem would be natural to just allow superuser do
> whatever they want with.
>
My understanding is the limitation of an owner of a temporary relation in
one session being disallowed to alter its contents from another session is
an implementation consequence, and not some fundamental model restriction.
ACL doesn’t interact with Sessions or Transactions. Nor should it.

Minimally informed thinking: associate the specific pg_temp namespace with
a procid. Where this limitation exists, which seems like middle
management, compare the proc of the namespace to the executor. Pass the
role and also an enum of action type (CRUD, drop, truncate, lock, etc…).
If the procs match all good. Superuser cannot bypass CRUD and similar as
that is the limitation being implemented here. And the owner cannot bypass
anything (exceptions could be added as desired).

Centralizing things a bit though…maybe something like the relcache (for
namespaces…) so you cannot even get a handle on the namespace if you don’t
supply the info and pass the checks. Don’t really know enough to say
where/how to implement “if you forget to call this check all commands that
can reference tables will fail”.

David J.