Jim Jones <jim.jones@uni-muenster.de> writes:
> This is a step forward in really isolating contents of temp tables from
> other sessions, but the more I think about it, the more I'm concerned
> with the current approach -- I spent some time investigating this
> problem a bit deeper last week.
Yeah. I think this entire approach is wrongheaded: we do not enforce
permissions checks against superusers. Moreover, if we try to fix it
at the permissions level, it seems nearly certain that there will be
bypass paths, simply because superusers bypass so many other checks.
The actual problem is that the buffer manager is incapable of dealing
with other sessions' temp tables, and we need to un-break the buffer
manager's defense for that implementation restriction. So I feel the
correct approach is something similar to what I described here:
https://www.postgresql.org/message-id/flat/2736425.1758475979%40sss.pgh.pa.us
I'm not wedded to that specific patch, but that is the implementation
level where the fix is needed.
regards, tom lane
