Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ugElh-000A1c-RH for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Jul 2025 03:43:18 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1ugEle-003xDr-RY for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Jul 2025 03:43:15 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1ugEle-003xDj-8I for pgsql-hackers@lists.postgresql.org; Mon, 28 Jul 2025 03:43:14 +0000 Received: from mail-oi1-x232.google.com ([2607:f8b0:4864:20::232]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1ugElc-0018gp-0S for pgsql-hackers@postgresql.org; Mon, 28 Jul 2025 03:43:13 +0000 Received: by mail-oi1-x232.google.com with SMTP id 5614622812f47-41b357ba04fso1811672b6e.2 for ; Sun, 27 Jul 2025 20:43:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1753674190; x=1754278990; darn=postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=xmvKuRmhgjjvxnCAxQodU03+ESinPNLcVJapYixScBY=; b=OWQyvZ9+3+jzbUG2F7nxsP7C8NAx1tcOY2GDodyNtI4UtcRsbfiEUFyiMzL/+tVK1b 3tXTHg6xZnRcAXcqkXwSa4smNXYHrHP2dXH1hl5OJpNK3h6cvcMfhTBXDGQMvmkXyvt1 SaLcueWZwz9D/5LT9XKZ5uXF/5kw7KGGC43oiBO0GdsGMQCpEqviHTfnVhQTnwaE5x8n 5wSy2vDlXg+tJgiF3nK7uXmIyFpkfg1h9uTguXO0Az1BpQLXhE6OtLdmhpuHUqzC7/+X eVAzzu4JZZ0LFQdcD+YXxhY/LB0oRCAoG1IGmTuuNxZ49VFQ2ti5HmZBfjMAFgDrtG6Y sViQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1753674190; x=1754278990; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xmvKuRmhgjjvxnCAxQodU03+ESinPNLcVJapYixScBY=; b=j2lMt3zmmPBiGsr8adTMdsHLhVXjW0U12ssjhsVThITmd8Xy8gIjvEWvCd5w5GPhzP NfxaAdHjG5SeGbw6RomOMEUiwEosB0IQq8odJ9/layG6Ub129EV89QTPDRhY0aQrIvQM DPHJ6ZpP2Uuh7qiw5Fbm56ZUBgmWF4NhfmsZogO9x0/4eMCYOiEXhHCHCw4vo3aS44Bx gzl/WR7ehgptF35eK9mQ0HS/k5SSJmhubUnNNaL1e3fiyf9W8GF/ZPUkC8BQppTXidtO d9hBjVfKnHn1uvE6nbQAOiDBXrctD2BK6E4z7VyhwpjVOiIjLwaAz8VC93R4oXmSwhVt GQxA== X-Gm-Message-State: AOJu0YwtVEaVocGqSpfNF9ZGgSc3ePIhne6UY6tENYYYiCY92Uw6UxK5 CHyXUFUvHNodOozmAQm6udvafkg0jUXHRMnsoELNJiTUpMMaPrvhYFHXQ58trjxTbipECxT/JCF lmFuDPT0+UFb/lkvrA9kBsuimZoBag2b5ahx94hy0cQ== X-Gm-Gg: ASbGncuOyt2EvWUMb4Ulu3jKm8LRLS54k9fVlHr47m30FxtjYxFYWH9q+H2q07BvTOf B5dK2PaAha62rusjNUiY/Ig2lKXvoDuz5hzjW7xlcyp3rITEFrKLofYl5LxdarPetKYUgIwQ+Pi Zn8uPIQL3JyjksjLx4HxbTIQFQw8kihRSakegX7p06qJsW2alKEkTgGuEt60ZdCAGfN2U76tpqo c/eoy1E X-Google-Smtp-Source: AGHT+IGifjdoClNWl5tp1bIsQ7cTFZ0Z1U32VbNuv188VwdcOGoRr2nPZvf6OftsJJvYNdboNVLKCtn5jWdJuB06vFA= X-Received: by 2002:a05:6808:170c:b0:40b:711:377d with SMTP id 5614622812f47-42bba0ed70amr5288587b6e.18.1753674190483; Sun, 27 Jul 2025 20:43:10 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Stepan Neretin Date: Mon, 28 Jul 2025 10:42:58 +0700 X-Gm-Features: Ac12FXwKf0L8ZfdnAD57iIfQuVWPbFGqKg4anjdzRhzDRqxLejH2zHnuC5I4ihI Message-ID: Subject: Re: Fix bug with accessing to temporary tables of other sessions To: Daniil Davydov <3danissimo@gmail.com> Cc: PostgreSQL Hackers Content-Type: multipart/mixed; boundary="0000000000002d7756063af517af" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000002d7756063af517af Content-Type: multipart/alternative; boundary="0000000000002d7754063af517ad" --0000000000002d7754063af517ad Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Apr 14, 2025 at 12:36=E2=80=AFPM Daniil Davydov <3danissimo@gmail.c= om> wrote: > Hi, > > During previous commitfest this topic already has been discussed > within the "Forbid to DROP temp tables of other sessions" thread [1]. > Unfortunately its name doesn't reflect the real problem, so I decided > to start a new thread, as David G. Johnston advised. > > Here are the summary results of the discussion [1] : > The superuser is only allowed to DROP temporary relations of other > sessions. Other commands (like SELECT, INSERT, UPDATE, DELETE ...) > must be forbidden to him. Error message for this case will look like > this : `could not access temporary relations of other sessions`. > For now, superuser still can specify such operations because of a bug > in the code that mistakenly recognizes other session's temp table as > permanent (I've covered this topic in more detail in [2]). Attached > patch fixes this bug (targeted on > b51f86e49a7f119004c0ce5d0be89cdf98309141). > > Opened issue: > Not everyone liked the idea that table's persistence can be assigned > to table during makeRangeVarXXX calls (inside gram.y). > My opinion - `As far as "pg_temp_" prefix is reserved by the postgres > kernel, we can definitely say that we have encountered a temporary > table when we see this prefix.` > > I will be glad to hear your opinion. > > -- > Best regards, > Daniil Davydov > > [1] > https://www.postgresql.org/message-id/CAJDiXgj72Axj0d4ojKdRWG_rnkfs4uWY41= 4NL%3D15sCvh7-9rwg%40mail.gmail.com > [2] > https://www.postgresql.org/message-id/CAJDiXgj%2B5UKLWSUT5605rJhuw438NmEK= ecvhFAF2nnrMsgGK3w%40mail.gmail.com Hi Daniil, Your patch for securing cross-session temp table access is a great improvement. The RVR_OTHER_TEMP_OK flag elegantly handles the DROP case while keeping the main restriction in place. For schema name validation, an exact strcmp for "pg_temp" and proper numeric parsing for "pg_temp_X" would be more precise than the current prefix check. This would avoid any accidental matches to similarly named schemas. The error message could be adjusted to emphasize permissions, like "permission denied for cross-session temp table access". This would make the security intent clearer to users. I noticed the Assert assumes myTempNamespace is always valid. While correct, a brief comment explaining why this is safe would help future maintainers. The relpersistence logic could also be centralized in one place for consistency. I've added an isolation test to verify the behavior when trying to access another backend's temp tables. It confirms the restrictions work as intended while allowing permitted operations. Thanks for working on this important security enhancement! Best regards, Stepan Neretin --0000000000002d7754063af517ad Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable



On Mon, Apr 14, 2025 at 12:36=E2=80=AFPM Daniil Davydov <3danissimo@gmail.com= > wrote:
Hi,<= br>
During previous commitfest this topic already has been discussed
within the "Forbid to DROP temp tables of other sessions" thread = [1].
Unfortunately its name doesn't reflect the real problem, so I decided to start a new thread, as David G. Johnston advised.

Here are the summary results of the discussion [1] :
The superuser is only allowed to DROP temporary relations of other
sessions. Other commands (like SELECT, INSERT, UPDATE, DELETE ...)
must be forbidden to him. Error message for this case will look like
this : `could not access temporary relations of other sessions`.
For now, superuser still can specify such operations because of a bug
in the code that mistakenly recognizes other session's temp table as permanent (I've covered this topic in more detail in [2]). Attached
patch fixes this bug (targeted on
b51f86e49a7f119004c0ce5d0be89cdf98309141).

Opened issue:
Not everyone liked the idea that table's persistence can be assigned to table during makeRangeVarXXX calls (inside gram.y).
My opinion - `As far as "pg_temp_" prefix is reserved by the post= gres
kernel, we can definitely say that we have encountered a temporary
table when we see this prefix.`

I will be glad to hear your opinion.

--
Best regards,
Daniil Davydov

[1] https://www.postgresql.org/message-id/CAJDiXgj72Axj0d4ojKdRWG_r= nkfs4uWY414NL%3D15sCvh7-9rwg%40mail.gmail.com
[2] https://www.postgresql.org/message-id/CAJDiXgj%2B5UKLWSUT5605rJ= huw438NmEKecvhFAF2nnrMsgGK3w%40mail.gmail.com


=C2=A0Hi Daniil,

Your patch for securing cross= -session temp table access is a great improvement. The RVR_OTHER_TEMP_OK fl= ag elegantly handles the DROP case while keeping the main restriction in pl= ace.

For schema name validation, an exact strcmp for "pg_temp&q= uot; and proper numeric parsing for "pg_temp_X" would be more pre= cise than the current prefix check. This would avoid any accidental matches= to similarly named schemas.

The error message could be adjusted to = emphasize permissions, like "permission denied for cross-session temp = table access". This would make the security intent clearer to users.
I noticed the Assert assumes myTempNamespace is always valid. While c= orrect, a brief comment explaining why this is safe would help future maint= ainers. The relpersistence logic could also be centralized in one place for= consistency.

I've added an isolation test to verify the behavio= r when trying to access another backend's temp tables. It confirms the = restrictions work as intended while allowing permitted operations.

T= hanks for working on this important security enhancement!

Best regar= ds,
Stepan Neretin
--0000000000002d7754063af517ad-- --0000000000002d7756063af517af Content-Type: text/x-patch; charset="US-ASCII"; name="v6-0001-Fix-accessing-other-sessions-temp-tables.patch" Content-Disposition: attachment; filename="v6-0001-Fix-accessing-other-sessions-temp-tables.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mdmjq8zk1 RnJvbSBkYTI3YmMxOTBmYWFiMzg1M2Y2YTJjYzA3NDhmMWY1NDc2MjE1MDAxIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBEYW5paWwgRGF2aWRvdiA8ZC5kYXZ5ZG92QHBvc3RncmVzcHJv LnJ1PgpEYXRlOiBNb24sIDE0IEFwciAyMDI1IDExOjAxOjU2ICswNzAwClN1YmplY3Q6IFtQQVRD SCB2NiAxLzJdIEZpeCBhY2Nlc3Npbmcgb3RoZXIgc2Vzc2lvbnMgdGVtcCB0YWJsZXMKCi0tLQog c3JjL2JhY2tlbmQvY2F0YWxvZy9uYW1lc3BhY2UuYyAgfCA1NiArKysrKysrKysrKysrKysrKysr Ky0tLS0tLS0tLS0tLQogc3JjL2JhY2tlbmQvY29tbWFuZHMvdGFibGVjbWRzLmMgfCAgMyArLQog c3JjL2JhY2tlbmQvbm9kZXMvbWFrZWZ1bmNzLmMgICAgfCAgNiArKystCiBzcmMvYmFja2VuZC9w YXJzZXIvZ3JhbS55ICAgICAgICB8IDExICsrKysrKy0KIHNyYy9pbmNsdWRlL2NhdGFsb2cvbmFt ZXNwYWNlLmggIHwgIDIgKysKIDUgZmlsZXMgY2hhbmdlZCwgNTUgaW5zZXJ0aW9ucygrKSwgMjMg ZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvc3JjL2JhY2tlbmQvY2F0YWxvZy9uYW1lc3BhY2Uu YyBiL3NyYy9iYWNrZW5kL2NhdGFsb2cvbmFtZXNwYWNlLmMKaW5kZXggZDk3ZDYzMmE3ZWYuLmY0 MDdlZmQ5NDQ3IDEwMDY0NAotLS0gYS9zcmMvYmFja2VuZC9jYXRhbG9nL25hbWVzcGFjZS5jCisr KyBiL3NyYy9iYWNrZW5kL2NhdGFsb2cvbmFtZXNwYWNlLmMKQEAgLTQ5OSwyOCArNDk5LDQ0IEBA IFJhbmdlVmFyR2V0UmVsaWRFeHRlbmRlZChjb25zdCBSYW5nZVZhciAqcmVsYXRpb24sIExPQ0tN T0RFIGxvY2ttb2RlLAogCQkgKi8KIAkJaWYgKHJlbGF0aW9uLT5yZWxwZXJzaXN0ZW5jZSA9PSBS RUxQRVJTSVNURU5DRV9URU1QKQogCQl7Ci0JCQlpZiAoIU9pZElzVmFsaWQobXlUZW1wTmFtZXNw YWNlKSkKLQkJCQlyZWxJZCA9IEludmFsaWRPaWQ7IC8qIHRoaXMgcHJvYmFibHkgY2FuJ3QgaGFw cGVuPyAqLwotCQkJZWxzZQotCQkJewotCQkJCWlmIChyZWxhdGlvbi0+c2NoZW1hbmFtZSkKLQkJ CQl7Ci0JCQkJCU9pZAkJCW5hbWVzcGFjZUlkOworCQkJT2lkCW5hbWVzcGFjZUlkOwogCi0JCQkJ CW5hbWVzcGFjZUlkID0gTG9va3VwRXhwbGljaXROYW1lc3BhY2UocmVsYXRpb24tPnNjaGVtYW5h bWUsIG1pc3Npbmdfb2spOworCQkJaWYgKHJlbGF0aW9uLT5zY2hlbWFuYW1lKQorCQkJeworCQkJ CW5hbWVzcGFjZUlkID0gTG9va3VwRXhwbGljaXROYW1lc3BhY2UocmVsYXRpb24tPnNjaGVtYW5h bWUsIG1pc3Npbmdfb2spOwogCisJCQkJLyoKKwkJCQkgKiBJZiB0aGUgdXNlciBoYXMgc3BlY2lm aWVkIGFuIGV4aXN0aW5nIHRlbXBvcmFyeSBzY2hlbWEKKwkJCQkgKiBvd25lZCBieSBhbm90aGVy IHVzZXIuCisJCQkJICovCisJCQkJaWYgKE9pZElzVmFsaWQobmFtZXNwYWNlSWQpICYmIG5hbWVz cGFjZUlkICE9IG15VGVtcE5hbWVzcGFjZSkKKwkJCQl7CiAJCQkJCS8qCi0JCQkJCSAqIEZvciBt aXNzaW5nX29rLCBhbGxvdyBhIG5vbi1leGlzdGVudCBzY2hlbWEgbmFtZSB0bwotCQkJCQkgKiBy ZXR1cm4gSW52YWxpZE9pZC4KKwkJCQkJICogV2UgZG9uJ3QgYWxsb3cgdXNlcnMgdG8gYWNjZXNz IHRlbXAgdGFibGVzIG9mIG90aGVyCisJCQkJCSAqIHNlc3Npb25zIGV4Y2VwdCBmb3IgdGhlIGNh c2Ugb2YgZHJvcHBpbmcgdGFibGVzLgogCQkJCQkgKi8KLQkJCQkJaWYgKG5hbWVzcGFjZUlkICE9 IG15VGVtcE5hbWVzcGFjZSkKKwkJCQkJaWYgKCEoZmxhZ3MgJiBSVlJfT1RIRVJfVEVNUF9PSykp CiAJCQkJCQllcmVwb3J0KEVSUk9SLAotCQkJCQkJCQkoZXJyY29kZShFUlJDT0RFX0lOVkFMSURf VEFCTEVfREVGSU5JVElPTiksCi0JCQkJCQkJCSBlcnJtc2coInRlbXBvcmFyeSB0YWJsZXMgY2Fu bm90IHNwZWNpZnkgYSBzY2hlbWEgbmFtZSIpKSk7CisJCQkJCQkJCShlcnJjb2RlKEVSUkNPREVf RkVBVFVSRV9OT1RfU1VQUE9SVEVEKSwKKwkJCQkJCQkJIGVycm1zZygiY291bGQgbm90IGFjY2Vz cyB0ZW1wb3JhcnkgcmVsYXRpb25zIG9mIG90aGVyIHNlc3Npb25zIikpKTsKIAkJCQl9CisJCQl9 CisJCQllbHNlCisJCQl7CisJCQkJbmFtZXNwYWNlSWQgPSBteVRlbXBOYW1lc3BhY2U7CiAKLQkJ CQlyZWxJZCA9IGdldF9yZWxuYW1lX3JlbGlkKHJlbGF0aW9uLT5yZWxuYW1lLCBteVRlbXBOYW1l c3BhY2UpOworCQkJCS8qCisJCQkJICogSWYgdGhpcyB0YWJsZSB3YXMgcmVjb2duaXplZCBhcyB0 ZW1wb3JhcnksIGl0IG1lYW5zIHRoYXQgd2UKKwkJCQkgKiBmb3VuZCBpdCBiZWNhdXNlIGJhY2tl bmQncyB0ZW1wb3JhcnkgbmFtZXNwYWNlIHdhcyBzcGVjaWZpZWQKKwkJCQkgKiBpbiBzZWFyY2hf cGF0aC4gVGh1cywgTXlUZW1wTmFtZXNwYWNlIG11c3QgY29udGFpbiB2YWxpZCBvaWQuCisJCQkJ ICovCisJCQkJQXNzZXJ0KE9pZElzVmFsaWQobmFtZXNwYWNlSWQpKTsKIAkJCX0KKworCQkJaWYg KG1pc3Npbmdfb2sgJiYgIU9pZElzVmFsaWQobmFtZXNwYWNlSWQpKQorCQkJCXJlbElkID0gSW52 YWxpZE9pZDsKKwkJCWVsc2UKKwkJCQlyZWxJZCA9IGdldF9yZWxuYW1lX3JlbGlkKHJlbGF0aW9u LT5yZWxuYW1lLCBuYW1lc3BhY2VJZCk7CiAJCX0KIAkJZWxzZSBpZiAocmVsYXRpb24tPnNjaGVt YW5hbWUpCiAJCXsKQEAgLTM1NTMsMjEgKzM1NjksMTkgQEAgZ2V0X25hbWVzcGFjZV9vaWQoY29u c3QgY2hhciAqbnNwbmFtZSwgYm9vbCBtaXNzaW5nX29rKQogUmFuZ2VWYXIgKgogbWFrZVJhbmdl VmFyRnJvbU5hbWVMaXN0KGNvbnN0IExpc3QgKm5hbWVzKQogewotCVJhbmdlVmFyICAgKnJlbCA9 IG1ha2VSYW5nZVZhcihOVUxMLCBOVUxMLCAtMSk7CisJUmFuZ2VWYXIgICAqcmVsOwogCiAJc3dp dGNoIChsaXN0X2xlbmd0aChuYW1lcykpCiAJewogCQljYXNlIDE6Ci0JCQlyZWwtPnJlbG5hbWUg PSBzdHJWYWwobGluaXRpYWwobmFtZXMpKTsKKwkJCXJlbCA9IG1ha2VSYW5nZVZhcihOVUxMLCBz dHJWYWwobGluaXRpYWwobmFtZXMpKSwgLTEpOwogCQkJYnJlYWs7CiAJCWNhc2UgMjoKLQkJCXJl bC0+c2NoZW1hbmFtZSA9IHN0clZhbChsaW5pdGlhbChuYW1lcykpOwotCQkJcmVsLT5yZWxuYW1l ID0gc3RyVmFsKGxzZWNvbmQobmFtZXMpKTsKKwkJCXJlbCA9IG1ha2VSYW5nZVZhcihzdHJWYWwo bGluaXRpYWwobmFtZXMpKSwgc3RyVmFsKGxzZWNvbmQobmFtZXMpKSwgLTEpOwogCQkJYnJlYWs7 CiAJCWNhc2UgMzoKKwkJCXJlbCA9IG1ha2VSYW5nZVZhcihzdHJWYWwobHNlY29uZChuYW1lcykp LCBzdHJWYWwobHRoaXJkKG5hbWVzKSksIC0xKTsKIAkJCXJlbC0+Y2F0YWxvZ25hbWUgPSBzdHJW YWwobGluaXRpYWwobmFtZXMpKTsKLQkJCXJlbC0+c2NoZW1hbmFtZSA9IHN0clZhbChsc2Vjb25k KG5hbWVzKSk7Ci0JCQlyZWwtPnJlbG5hbWUgPSBzdHJWYWwobHRoaXJkKG5hbWVzKSk7CiAJCQli cmVhazsKIAkJZGVmYXVsdDoKIAkJCWVyZXBvcnQoRVJST1IsCkBAIC0zNzc0LDYgKzM3ODgsOCBA QCBHZXRUZW1wTmFtZXNwYWNlUHJvY051bWJlcihPaWQgbmFtZXNwYWNlSWQpCiAJCXJldHVybiBJ TlZBTElEX1BST0NfTlVNQkVSOyAvKiBubyBzdWNoIG5hbWVzcGFjZT8gKi8KIAlpZiAoc3RybmNt cChuc3BuYW1lLCAicGdfdGVtcF8iLCA4KSA9PSAwKQogCQlyZXN1bHQgPSBhdG9pKG5zcG5hbWUg KyA4KTsKKwllbHNlIGlmIChzdHJjbXAobnNwbmFtZSwgInBnX3RlbXAiKSA9PSAwKQorCQlyZXN1 bHQgPSBNeVByb2NOdW1iZXI7CiAJZWxzZSBpZiAoc3RybmNtcChuc3BuYW1lLCAicGdfdG9hc3Rf dGVtcF8iLCAxNCkgPT0gMCkKIAkJcmVzdWx0ID0gYXRvaShuc3BuYW1lICsgMTQpOwogCWVsc2UK ZGlmZiAtLWdpdCBhL3NyYy9iYWNrZW5kL2NvbW1hbmRzL3RhYmxlY21kcy5jIGIvc3JjL2JhY2tl bmQvY29tbWFuZHMvdGFibGVjbWRzLmMKaW5kZXggY2I4MTE1MjBjMjkuLjc2NDA2YjVhOWQ5IDEw MDY0NAotLS0gYS9zcmMvYmFja2VuZC9jb21tYW5kcy90YWJsZWNtZHMuYworKysgYi9zcmMvYmFj a2VuZC9jb21tYW5kcy90YWJsZWNtZHMuYwpAQCAtMTYyMyw3ICsxNjIzLDggQEAgUmVtb3ZlUmVs YXRpb25zKERyb3BTdG10ICpkcm9wKQogCQlzdGF0ZS5oZWFwT2lkID0gSW52YWxpZE9pZDsKIAkJ c3RhdGUucGFydFBhcmVudE9pZCA9IEludmFsaWRPaWQ7CiAKLQkJcmVsT2lkID0gUmFuZ2VWYXJH ZXRSZWxpZEV4dGVuZGVkKHJlbCwgbG9ja21vZGUsIFJWUl9NSVNTSU5HX09LLAorCQlyZWxPaWQg PSBSYW5nZVZhckdldFJlbGlkRXh0ZW5kZWQocmVsLCBsb2NrbW9kZSwKKwkJCQkJCQkJCQkgIFJW Ul9NSVNTSU5HX09LIHwgUlZSX09USEVSX1RFTVBfT0ssCiAJCQkJCQkJCQkJICBSYW5nZVZhckNh bGxiYWNrRm9yRHJvcFJlbGF0aW9uLAogCQkJCQkJCQkJCSAgJnN0YXRlKTsKIApkaWZmIC0tZ2l0 IGEvc3JjL2JhY2tlbmQvbm9kZXMvbWFrZWZ1bmNzLmMgYi9zcmMvYmFja2VuZC9ub2Rlcy9tYWtl ZnVuY3MuYwppbmRleCBlMmQ5ZTliZTQxYS4uNjJlZGYyNGI1YzIgMTAwNjQ0Ci0tLSBhL3NyYy9i YWNrZW5kL25vZGVzL21ha2VmdW5jcy5jCisrKyBiL3NyYy9iYWNrZW5kL25vZGVzL21ha2VmdW5j cy5jCkBAIC00NzgsMTAgKzQ3OCwxNCBAQCBtYWtlUmFuZ2VWYXIoY2hhciAqc2NoZW1hbmFtZSwg Y2hhciAqcmVsbmFtZSwgaW50IGxvY2F0aW9uKQogCXItPnNjaGVtYW5hbWUgPSBzY2hlbWFuYW1l OwogCXItPnJlbG5hbWUgPSByZWxuYW1lOwogCXItPmluaCA9IHRydWU7Ci0Jci0+cmVscGVyc2lz dGVuY2UgPSBSRUxQRVJTSVNURU5DRV9QRVJNQU5FTlQ7CiAJci0+YWxpYXMgPSBOVUxMOwogCXIt PmxvY2F0aW9uID0gbG9jYXRpb247CiAKKwlpZiAoci0+c2NoZW1hbmFtZSAmJiBzdHJuY21wKHIt PnNjaGVtYW5hbWUsICJwZ190ZW1wIiwgNykgPT0gMCkKKwkJci0+cmVscGVyc2lzdGVuY2UgPSBS RUxQRVJTSVNURU5DRV9URU1QOworCWVsc2UKKwkJci0+cmVscGVyc2lzdGVuY2UgPSBSRUxQRVJT SVNURU5DRV9QRVJNQU5FTlQ7CisKIAlyZXR1cm4gcjsKIH0KIApkaWZmIC0tZ2l0IGEvc3JjL2Jh Y2tlbmQvcGFyc2VyL2dyYW0ueSBiL3NyYy9iYWNrZW5kL3BhcnNlci9ncmFtLnkKaW5kZXggZGI0 MzAzNGI5ZGIuLjFiOTU5ZTc1MmMzIDEwMDY0NAotLS0gYS9zcmMvYmFja2VuZC9wYXJzZXIvZ3Jh bS55CisrKyBiL3NyYy9iYWNrZW5kL3BhcnNlci9ncmFtLnkKQEAgLTE5NDA1LDcgKzE5NDA1LDEx IEBAIG1ha2VSYW5nZVZhckZyb21BbnlOYW1lKExpc3QgKm5hbWVzLCBpbnQgcG9zaXRpb24sIGNv cmVfeXlzY2FuX3QgeXlzY2FubmVyKQogCQkJYnJlYWs7CiAJfQogCi0Jci0+cmVscGVyc2lzdGVu Y2UgPSBSRUxQRVJTSVNURU5DRV9QRVJNQU5FTlQ7CisJaWYgKHItPnNjaGVtYW5hbWUgJiYgc3Ry bmNtcChyLT5zY2hlbWFuYW1lLCAicGdfdGVtcCIsIDcpID09IDApCisJCXItPnJlbHBlcnNpc3Rl bmNlID0gUkVMUEVSU0lTVEVOQ0VfVEVNUDsKKwllbHNlCisJCXItPnJlbHBlcnNpc3RlbmNlID0g UkVMUEVSU0lTVEVOQ0VfUEVSTUFORU5UOworCiAJci0+bG9jYXRpb24gPSBwb3NpdGlvbjsKIAog CXJldHVybiByOwpAQCAtMTk0NDUsNiArMTk0NDksMTEgQEAgbWFrZVJhbmdlVmFyRnJvbVF1YWxp ZmllZE5hbWUoY2hhciAqbmFtZSwgTGlzdCAqbmFtZWxpc3QsIGludCBsb2NhdGlvbiwKIAkJCWJy ZWFrOwogCX0KIAorCWlmIChyLT5zY2hlbWFuYW1lICYmIHN0cm5jbXAoci0+c2NoZW1hbmFtZSwg InBnX3RlbXAiLCA3KSA9PSAwKQorCQlyLT5yZWxwZXJzaXN0ZW5jZSA9IFJFTFBFUlNJU1RFTkNF X1RFTVA7CisJZWxzZQorCQlyLT5yZWxwZXJzaXN0ZW5jZSA9IFJFTFBFUlNJU1RFTkNFX1BFUk1B TkVOVDsKKwogCXJldHVybiByOwogfQogCmRpZmYgLS1naXQgYS9zcmMvaW5jbHVkZS9jYXRhbG9n L25hbWVzcGFjZS5oIGIvc3JjL2luY2x1ZGUvY2F0YWxvZy9uYW1lc3BhY2UuaAppbmRleCA4Yzdj Y2M2OWEzYy4uOWM0NWEzMDUxNmUgMTAwNjQ0Ci0tLSBhL3NyYy9pbmNsdWRlL2NhdGFsb2cvbmFt ZXNwYWNlLmgKKysrIGIvc3JjL2luY2x1ZGUvY2F0YWxvZy9uYW1lc3BhY2UuaApAQCAtNzIsNiAr NzIsOCBAQCB0eXBlZGVmIGVudW0gUlZST3B0aW9uCiAJUlZSX01JU1NJTkdfT0sgPSAxIDw8IDAs CS8qIGRvbid0IGVycm9yIGlmIHJlbGF0aW9uIGRvZXNuJ3QgZXhpc3QgKi8KIAlSVlJfTk9XQUlU ID0gMSA8PCAxLAkJLyogZXJyb3IgaWYgcmVsYXRpb24gY2Fubm90IGJlIGxvY2tlZCAqLwogCVJW Ul9TS0lQX0xPQ0tFRCA9IDEgPDwgMiwJLyogc2tpcCBpZiByZWxhdGlvbiBjYW5ub3QgYmUgbG9j a2VkICovCisJUlZSX09USEVSX1RFTVBfT0sgPSAxIDw8IDMJLyogZG9uJ3QgZXJyb3IgaWYgcmVs YXRpb24gaXMgdGVtcCByZWxhdGlvbiBvZgorCQkJCQkJCQkgICBvdGhlciBzZXNzaW9uIChuZWVk ZWQgZm9yIERST1AgY29tbWFuZCkgKi8KIH0JCQlSVlJPcHRpb247CiAKIHR5cGVkZWYgdm9pZCAo KlJhbmdlVmFyR2V0UmVsaWRDYWxsYmFjaykgKGNvbnN0IFJhbmdlVmFyICpyZWxhdGlvbiwgT2lk IHJlbElkLAotLSAKMi40OC4xCgo= --0000000000002d7756063af517af Content-Type: text/x-patch; charset="US-ASCII"; name="v6-0002-Prevent-cross-session-temp-table-access-test.patch" Content-Disposition: attachment; filename="v6-0002-Prevent-cross-session-temp-table-access-test.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mdmjq8zb0 RnJvbSBjMGNiZGYzMTA3NTJiNTFlMmM0NzUzYmQxZTgxYWJmZDgzYzc1OWJlIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBTdGVwYW4gTmVyZXRpbiA8c2xwbWNmQGdtYWlsLmNvbT4KRGF0 ZTogTW9uLCAyOCBKdWwgMjAyNSAxMDoyNDoyMCArMDcwMApTdWJqZWN0OiBbUEFUQ0ggdjYgMi8y XSBQcmV2ZW50IGNyb3NzLXNlc3Npb24gdGVtcCB0YWJsZSBhY2Nlc3MgdGVzdAoKQWRkcyBhbiBp c29sYXRpb24gdGVzdCB2ZXJpZnlpbmcgdGhhdCB0ZW1wIHRhYmxlcyBjcmVhdGVkIGluIG9uZSBz ZXNzaW9uCmNhbm5vdCBiZSBhY2Nlc3NlZCBmcm9tIGFub3RoZXIgc2Vzc2lvbiB1c2luZyB0aGUg dGVtcCBzY2hlbWEgbmFtZS4KClNlc3Npb24gMSBjcmVhdGVzIGEgdGVtcCB0YWJsZSBhbmQgcmVj b3JkcyBpdHMgdGVtcCBzY2hlbWEgbmFtZSBpbiBhIHJlZ3VsYXIgdGFibGUuClNlc3Npb24gMiBh dHRlbXB0cyB0byBxdWVyeSB0aGF0IHRlbXAgdGFibGUgdmlhIHRoZSBzdG9yZWQgc2NoZW1hIG5h bWUsIGV4cGVjdGluZwphbiBlcnJvci4KLS0tCiBzcmMvdGVzdC9pc29sYXRpb24vZXhwZWN0ZWQv dGVtcC1hY2Nlc3Mub3V0IHwgMzIgKysrKysrKysrKysrKysrKysrKysrCiBzcmMvdGVzdC9pc29s YXRpb24vaXNvbGF0aW9uX3NjaGVkdWxlICAgICAgIHwgIDEgKwogc3JjL3Rlc3QvaXNvbGF0aW9u L3NwZWNzL3RlbXAtYWNjZXNzLnNwZWMgICB8IDMyICsrKysrKysrKysrKysrKysrKysrKwogMyBm aWxlcyBjaGFuZ2VkLCA2NSBpbnNlcnRpb25zKCspCiBjcmVhdGUgbW9kZSAxMDA2NDQgc3JjL3Rl c3QvaXNvbGF0aW9uL2V4cGVjdGVkL3RlbXAtYWNjZXNzLm91dAogY3JlYXRlIG1vZGUgMTAwNjQ0 IHNyYy90ZXN0L2lzb2xhdGlvbi9zcGVjcy90ZW1wLWFjY2Vzcy5zcGVjCgpkaWZmIC0tZ2l0IGEv c3JjL3Rlc3QvaXNvbGF0aW9uL2V4cGVjdGVkL3RlbXAtYWNjZXNzLm91dCBiL3NyYy90ZXN0L2lz b2xhdGlvbi9leHBlY3RlZC90ZW1wLWFjY2Vzcy5vdXQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5k ZXggMDAwMDAwMDAwMDAuLmQ0MDJhZGQ0ZDgzCi0tLSAvZGV2L251bGwKKysrIGIvc3JjL3Rlc3Qv aXNvbGF0aW9uL2V4cGVjdGVkL3RlbXAtYWNjZXNzLm91dApAQCAtMCwwICsxLDMyIEBACitQYXJz ZWQgdGVzdCBzcGVjIHdpdGggMiBzZXNzaW9ucworCitzdGFydGluZyBwZXJtdXRhdGlvbjogY3Jl YXRlX3RlbXBfdGFibGUgd2FpdCB0cnlfYWNjZXNzX3RlbXBfdGFibGUKK3N0ZXAgY3JlYXRlX3Rl bXBfdGFibGU6IAorICBDUkVBVEUgVEVNUCBUQUJMRSB0ZW1wX3RhYmxlMShhIGludCk7CisgIENS RUFURSBUQUJMRSBJRiBOT1QgRVhJU1RTIHRlbXBfc2NoZW1hX25hbWUoc2NoZW1hX25hbWUgdGV4 dCk7CisgIFRSVU5DQVRFIHRlbXBfc2NoZW1hX25hbWU7CisgIElOU0VSVCBJTlRPIHRlbXBfc2No ZW1hX25hbWUKKyAgU0VMRUNUIG4ubnNwbmFtZQorICBGUk9NIHBnX2NsYXNzIGMKKyAgSk9JTiBw Z19uYW1lc3BhY2UgbiBPTiBjLnJlbG5hbWVzcGFjZSA9IG4ub2lkCisgIFdIRVJFIGMucmVsbmFt ZSA9ICd0ZW1wX3RhYmxlMSc7CisKK3N0ZXAgd2FpdDogCisgIFNFTEVDVCAxOworCis/Y29sdW1u PworLS0tLS0tLS0KKyAgICAgICAxCisoMSByb3cpCisKK3N0ZXAgdHJ5X2FjY2Vzc190ZW1wX3Rh YmxlOiAKKyAgRE8gJCQKKyAgREVDTEFSRQorICAgIG5zcG5hbWUgVEVYVDsKKyAgQkVHSU4KKyAg ICBTRUxFQ1Qgc2NoZW1hX25hbWUgSU5UTyBuc3BuYW1lIEZST00gdGVtcF9zY2hlbWFfbmFtZSBM SU1JVCAxOworICAgIEVYRUNVVEUgZm9ybWF0KCdTRUxFQ1QgKiBGUk9NICVJLnRlbXBfdGFibGUx JywgbnNwbmFtZSk7CisgIEVORAorICAkJDsKKworRVJST1I6ICBjb3VsZCBub3QgYWNjZXNzIHRl bXBvcmFyeSByZWxhdGlvbnMgb2Ygb3RoZXIgc2Vzc2lvbnMKZGlmZiAtLWdpdCBhL3NyYy90ZXN0 L2lzb2xhdGlvbi9pc29sYXRpb25fc2NoZWR1bGUgYi9zcmMvdGVzdC9pc29sYXRpb24vaXNvbGF0 aW9uX3NjaGVkdWxlCmluZGV4IGUzYzY2OWEyOWM3Li5lMmQzZDMzMGZkMCAxMDA2NDQKLS0tIGEv c3JjL3Rlc3QvaXNvbGF0aW9uL2lzb2xhdGlvbl9zY2hlZHVsZQorKysgYi9zcmMvdGVzdC9pc29s YXRpb24vaXNvbGF0aW9uX3NjaGVkdWxlCkBAIC00NSw2ICs0NSw3IEBAIHRlc3Q6IGxvY2stdXBk YXRlLWRlbGV0ZQogdGVzdDogbG9jay11cGRhdGUtdHJhdmVyc2FsCiB0ZXN0OiBpbmhlcml0LXRl bXAKIHRlc3Q6IHRlbXAtc2NoZW1hLWNsZWFudXAKK3Rlc3Q6IHRlbXAtYWNjZXNzCiB0ZXN0OiBp bnNlcnQtY29uZmxpY3QtZG8tbm90aGluZwogdGVzdDogaW5zZXJ0LWNvbmZsaWN0LWRvLW5vdGhp bmctMgogdGVzdDogaW5zZXJ0LWNvbmZsaWN0LWRvLXVwZGF0ZQpkaWZmIC0tZ2l0IGEvc3JjL3Rl c3QvaXNvbGF0aW9uL3NwZWNzL3RlbXAtYWNjZXNzLnNwZWMgYi9zcmMvdGVzdC9pc29sYXRpb24v c3BlY3MvdGVtcC1hY2Nlc3Muc3BlYwpuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAw MDAwMC4uMzUzODNmZTdiMzUKLS0tIC9kZXYvbnVsbAorKysgYi9zcmMvdGVzdC9pc29sYXRpb24v c3BlY3MvdGVtcC1hY2Nlc3Muc3BlYwpAQCAtMCwwICsxLDMyIEBACitzZXNzaW9uIHMxCitzdGVw IGNyZWF0ZV90ZW1wX3RhYmxlCit7CisgIENSRUFURSBURU1QIFRBQkxFIHRlbXBfdGFibGUxKGEg aW50KTsKKyAgQ1JFQVRFIFRBQkxFIElGIE5PVCBFWElTVFMgdGVtcF9zY2hlbWFfbmFtZShzY2hl bWFfbmFtZSB0ZXh0KTsKKyAgVFJVTkNBVEUgdGVtcF9zY2hlbWFfbmFtZTsKKyAgSU5TRVJUIElO VE8gdGVtcF9zY2hlbWFfbmFtZQorICBTRUxFQ1Qgbi5uc3BuYW1lCisgIEZST00gcGdfY2xhc3Mg YworICBKT0lOIHBnX25hbWVzcGFjZSBuIE9OIGMucmVsbmFtZXNwYWNlID0gbi5vaWQKKyAgV0hF UkUgYy5yZWxuYW1lID0gJ3RlbXBfdGFibGUxJzsKK30KKworc2Vzc2lvbiBzMgorc3RlcCB3YWl0 Cit7CisgIFNFTEVDVCAxOworfQorCitzdGVwIHRyeV9hY2Nlc3NfdGVtcF90YWJsZQoreworICBE TyAkJAorICBERUNMQVJFCisgICAgbnNwbmFtZSBURVhUOworICBCRUdJTgorICAgIFNFTEVDVCBz Y2hlbWFfbmFtZSBJTlRPIG5zcG5hbWUgRlJPTSB0ZW1wX3NjaGVtYV9uYW1lIExJTUlUIDE7Cisg ICAgRVhFQ1VURSBmb3JtYXQoJ1NFTEVDVCAqIEZST00gJUkudGVtcF90YWJsZTEnLCBuc3BuYW1l KTsKKyAgRU5ECisgICQkOworfQorCitwZXJtdXRhdGlvbiBjcmVhdGVfdGVtcF90YWJsZSB3YWl0 IHRyeV9hY2Nlc3NfdGVtcF90YWJsZQotLSAKMi40OC4xCgo= --0000000000002d7756063af517af--