Re: Forbid to DROP temp tables of other sessions

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: "Andrey M(dot) Borodin" <x4mmm(at)yandex-team(dot)ru>
Cc: Andres Freund <andres(at)anarazel(dot)de>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Daniil Davydov <3danissimo(at)gmail(dot)com>, Rafia Sabih <rafia(dot)pghackers(at)gmail(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Forbid to DROP temp tables of other sessions
Date: 2025-03-17 06:52:31
Message-ID: CAKFQuwa2R=gp6VxJbQRLtD2+b84KkhRRY8pZ=Wxh60gViEpUrg@mail.gmail.com
Lists: pgsql-hackers

On Saturday, November 23, 2024, Andrey M. Borodin <x4mmm(at)yandex-team(dot)ru>
wrote:
>
>
> It seems that protection of temp tables should belong to ACL stuff. And in
> the logic of this subsystem it would be natural to just allow superuser to do
> whatever they want with them.
>

My understanding is the limitation of an owner of a temporary relation in
one session being disallowed to alter its contents from another session is
an implementation consequence, and not some fundamental model restriction.
ACL doesn’t interact with Sessions or Transactions. Nor should it.

Minimally informed thinking, associate the specific pg_temp namespace with
a procid. Where this limitation exists, which seems like middle
management, compare the proc of the namespace to the executor. Pass the
role and also an enum of action type (CRUD, drop, truncate, lock, etc…).
If the procs match all good. Superuser cannot bypass CRUD and similar as
that is the limitation being implemented here. And the owner cannot bypass
anything (exceptions could be added as desired).

Centralizing things a bit though…maybe something like the relcache (for
namespaces…) so you cannot even get a handle on the namespace if you don’t
supply the info and pass the checks. Don’t really know enough to say
where/how to implement “if you forget to call this check all commands that
can reference tables will fail”.

David J.
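
The proc comparison and the "no handle without passing the check" idea from the message above, as an added C sketch that is not part of the original email and not PostgreSQL code. Every identifier is hypothetical, and treating everything except DROP as "CRUD and similar" (so that DROP is the only action a superuser in another session may perform) is an assumption of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* All names are hypothetical; none are PostgreSQL identifiers. */
typedef enum { ACT_SELECT, ACT_INSERT, ACT_UPDATE, ACT_DELETE,
               ACT_TRUNCATE, ACT_LOCK, ACT_DROP } TempAction;

typedef struct {
    int owner_procid;    /* backend the pg_temp namespace is associated with */
} TempNamespace;

typedef struct {
    int  procid;         /* backend executing the command */
    bool is_superuser;   /* role attribute; relation ownership is not an input */
} Caller;

/* Assumption: everything except DROP counts as "CRUD and similar". */
static bool is_crud_like(TempAction a) { return a != ACT_DROP; }

/* Matching procs pass; otherwise the action type and role decide. */
bool temp_access_ok(const TempNamespace *ns, const Caller *c, TempAction a)
{
    if (ns->owner_procid == c->procid)
        return true;            /* same session; normal ACL checks still follow */
    if (is_crud_like(a))
        return false;           /* no bypass, superuser included */
    return c->is_superuser;     /* a non-superuser owner gets no bypass */
}

/* Centralized form: the only way to obtain a namespace handle runs the check,
 * so a caller cannot forget it. Returns NULL when access is refused. */
const TempNamespace *temp_namespace_open(const TempNamespace *ns,
                                         const Caller *c, TempAction a)
{
    return temp_access_ok(ns, c, a) ? ns : NULL;
}

int main(void)
{
    TempNamespace ns = { 101 };            /* constructed sample values */
    Caller su_other = { 202, true };
    printf("superuser, other session, DROP: %s\n",
           temp_namespace_open(&ns, &su_other, ACT_DROP) ? "ok" : "refused");
    return 0;
}
```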
