Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wGYTI-006L8X-0X for pgsql-hackers@arkaria.postgresql.org; Sat, 25 Apr 2026 08:34:40 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wGYTF-008Yh9-1i for pgsql-hackers@arkaria.postgresql.org; Sat, 25 Apr 2026 08:34:37 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <3danissimo@gmail.com>) id 1wGYTF-008Yh1-0K for pgsql-hackers@lists.postgresql.org; Sat, 25 Apr 2026 08:34:37 +0000 Received: from mail-yw1-x1135.google.com ([2607:f8b0:4864:20::1135]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from <3danissimo@gmail.com>) id 1wGYTC-00000002ha3-3KJB for pgsql-hackers@postgresql.org; Sat, 25 Apr 2026 08:34:36 +0000 Received: by mail-yw1-x1135.google.com with SMTP id 00721157ae682-794719afcd4so92948357b3.1 for ; Sat, 25 Apr 2026 01:34:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1777106074; cv=none; d=google.com; s=arc-20240605; b=GzU8EdkSC6q1rIW/e53gTt/+bP7GfCcejIkdW/Yse1VwK6F2fGCwzPpHo/EOk/TGTI xBOeacp7GTlp6oPWQIyM6udLpu/deivzOnOGGbHYq+1yAoTcYVGu4v1zV809LZW/Wp3g 9LuSE2I/JJCWv6QI8aKegd6rdWHyimeFDINpnz50x7ZtADXMyry8tkueS3O40ix48iL/ Gex/pIjlBU7ZKbuheTPuyCtxfddPt6crmQ7IAqIz0m/HyCmgQIOWEnH1SxF9Z4FYvEPM 9ntwV83Qm6FiiinbC1Q1N0BznszkaoN07c9jLr5r1uL8+iYgzXE818Yhzl3o+hOGFYIQ Mjyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=ain9XsqqwjWI4zro39wINuARqgNK2qrstEtvtNCLR8s=; fh=L8BXeQm1zLMQJAvLt0xWDFSUIteuUHzEeHk0DPOHkTk=; b=L7PJeTjcrTNASPxfQtWxj8UlDIzhOr/V/iz+E/tzUql/vy80Koj2KtyBoF70sCzGTy XslA/hkEpsWs0eSaBgT0b7gbQgNkO/rv6zsZQ1IxGzCgvU0X4ellQQs+UQj2OujeQX+s 3IqpdBs/Da0+Gj8y4CoIVc2gdr5FrlvyZJ6giXyE1B6oWfHj0kjJC6me6W65suFXogEO PqODr0kcdOtghm/gbONbh/ACE8cKqjtc4pFlFhfEE/1p2cRkNDRJPKpTTPGiBAzyDDjO ECtBygAiTfKPAssCbP/113rBvOo7QwV6Ycpz7Cs8h5oXV86l1yNXHGewFouyHr6B0vX3 4wBA==; darn=postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777106074; x=1777710874; darn=postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ain9XsqqwjWI4zro39wINuARqgNK2qrstEtvtNCLR8s=; b=Oe+69aLzOnLzi0LYZjKNPfRVCTiY8FV6ij3Xzj06p0cuhNsY2knKmwOfUZKXPHYLkq zJkJ9JmHz7mf0WU5eUdDExivAOnWH0jDL8Hqx9YvCNKot5IhysgGytqHfnTCJBvINmiY 6ILBwbYLjC+YKXhwBYK0j96Y5UEGQMgQOIbQ0VE2XOcKJMPqksAwsVoK9HLYD6AiV/a6 Z7YyW34XqsgEGSL5spzOUCYRBeR7ptpqypfwPGF4+1hoiQyUz17TgZKj/oZ4jQvxJrQb U5VRPi0YSB2BVov7FLaAo6/iw/n+kqDnt6sAa68xjK76CebXdax2utnyOr6h7P6Jxr9Z kbAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777106074; x=1777710874; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ain9XsqqwjWI4zro39wINuARqgNK2qrstEtvtNCLR8s=; b=J7T/KfqWpbJa8RA9yNjLYlDvyEOgp/guMChNd9kawt5D+ezvjsns8UbiSzWndejKBd iGRlTAfEv++bAsoKeq8w5vbE0QhmUcQMwAlrX9yYew64FrCo2JvGOcPaYhYNsEaGxwpr 7Jfj+sI2dDBcGdMsSgs1c8dhY5HCE+JQWaeCmScSF5mi/+E+zRxQwyL/LRQmy9BszWCM oy4ewRvTcMyFAOK9uwUEukhq5lExnf95jvrGissoRrPa/BILSadlpaZ5MovOJ0zWH3QG xqWogfHDeI5F9eizBI+SqDhDG5PaYiNOdIW2q7nFwbUuPT/l/dLZIuxiV2jxp/7gGd2D UTbg== X-Forwarded-Encrypted: i=1; AFNElJ8yDvq3w5snTj5DIy+gvEK+9xC9HULuPQ0UWiPvyFOTOUBxI4iPjxlQEQb8/BMydkoYE6NCPmEqN9IWzBTM@postgresql.org X-Gm-Message-State: AOJu0YyjdRDnFSaq3P0oxOz8J/iQik+Xax3Z+ihg7SHyTYGzrpFuCcug +xIONHSiTW2rzvqZI+5SOivp6yzkI9QDHAT6HYtJqSxG6pYVYaqJ5wejMOfolj4zirfhhr27VWQ F8toFs7s2UTQdtShCLGOWFtIaJKyfm/8= X-Gm-Gg: AeBDietInoesz7uui7SZOSFcZpDdJtDXCk39sAzH4dJTGenY8Qq1/OkoleyVIskGs3C w7fiWnJw12Cdj4Lcuw8BkXupdMClrhuYFE3ohXrp3J9cDU46MHr/vcGhwaTEE9h3coACrWm8UA1 /uATIXhOLyCpXT9O34Ih3gvAJukxzz71hTSwE5HYK+8cQJ9Y6P89Un4E1FQ/QUjE/BdLnKFEVJB kmIVAD5N33SE/LwhcEbf5H8f7Hgqf+Tn0J30uvFhSoI0qrUr+GtzByXI8of3b5FUqHGYFMft61d u4i2ZB1i3rqb+nJmdPrkb/+aetxB X-Received: by 2002:a05:690c:3481:b0:7ba:f907:145c with SMTP id 00721157ae682-7baf907309dmr229445627b3.33.1777106073993; Sat, 25 Apr 2026 01:34:33 -0700 (PDT) MIME-Version: 1.0 References: <402bbc8d-728b-4467-8024-31c2bc101ead@uni-muenster.de> In-Reply-To: From: Daniil Davydov <3danissimo@gmail.com> Date: Sat, 25 Apr 2026 15:34:22 +0700 X-Gm-Features: AQROBzBfsGgkpW4D02YAfoNkmGCGkZit5Ri2fv_x43fOrjIk0fBfXtXUoD3oUos Message-ID: Subject: Re: Fix bug with accessing to temporary tables of other sessions To: Michael Paquier Cc: Alexander Korotkov , Soumya S Murali , Jim Jones , Tom Lane , Stepan Neretin , PostgreSQL Hackers , Mohamed Ali , Nazneen Jafri , Shawn McCoy Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi, On Wed, Apr 22, 2026 at 6:41=E2=80=AFAM Michael Paquier wrote: > > On Tue, Apr 21, 2026 at 01:54:47PM +0300, Alexander Korotkov wrote: > > OK. I'm going to push and backpatch if no objections. > > Timing is interesting here. Last week I have been doing a on-site > patch review with a couple of colleagues and myself, and this thread > has been chosen as part of this exercise. I am attaching them in CC > of this thread, and replying to this thread was an action item I had > to act on. > > Here is some feedback, based on v18 posted here: > https://www.postgresql.org/message-id/b6614954-6c71-451a-a1d7-345d255b4af= b@uni-muenster.de > Thank you for looking into this! > We have found that the thread does not state clearly what it aims to > fix. The subject states that it is a bug, perhaps it is but the > thread does not seem to do a good job in explaining why the current > superuser behavior is bad, while the behavior of the patch to block > some commands is better. This should be clearer in explaining why > this new behavior is better. This patch doesn't provide any new behavior. It returns consistent behavior= , which we have lost after the appearance of streaming I/O in sequential scan= s. Jim wrote about it here [1]. You can also find this in the commit message o= f the v19 patch. IMHO, both thread and attached patch do the job of explaining why this fix = is necessary. But I think I understand what confused you. Please, see my comme= nts below. > The test script is under-documented. There are zero comments that > actually explain why the patch does what it does. The few comments > present could be removed: they are copy-pasted of the descriptions of > the test cases. A much worse thing is this thing: > > +# DROP TEMPORARY TABLE from other session > +$node->safe_psql('postgres', "DROP TABLE $tempschema.foo;"); Yeah, I agree. It can be (and will be) improved. > DROP TABLE on a temporary relation for a superuser is a very useful > behavior to unstuck autovacuum if a temp relation has been orphaned. > It looks critical to me to explain that we want to keep this behavior > for this reason. Do you mean that we should add something to the documentation? Again, postg= res has always allowed DROP TABLE operation to be done for other temp tables, i= f the user has enough privileges. We are disallowing everyone to look at othe= r temp tables' pages because there is no capability to do it. DROP TABLE does= n't require access to backend-private data, so it is OK. Tom Lane wrote about i= t here [2]. I want to say that described behavior is pretty natural. Why shou= ld we additionally describe that the user can do operations that he is allowed to do? On the other hand, we have an error message that says "cannot access...", w= hich may look like every kind of "access" is forbidden. I bet that this is the p= lace that has confused you. More accurate error message would be "cannot access pages..." or "cannot access content...". I think we can change our error message in this way. What do you think? We can also explicitly write in the documentation that users cannot access *pages/content* of other temp tables. But the original patch [3] didn't do = it, so I am not sure that we should either. > Using safe_psql() is not really adapted. You should > use a psql() where we check that the command does not fail, so as the > test can generate a full report. Fair enough. > The test coverage actually has holes. The three DML patterns INSERT, > UPDATE and DELETE are covered, and it is missing MERGE. Also, what > about other patterns like ALTER TABLE, ALTER INDEX, ALTER FUNCTION, > DROP FUNCTION and the like? > There are many object patterns that can > be schema-qualified, and none of this is covered. What about the new > REPACK and a bunch of other maintenance commands? There is nothing > about VACUUM, TRUNCATE, CLUSTER, etc. Just to name a few. I have concerns about it. If we try the "brute force" approach (i.e. test a= ll available commands), the test will increase unreasonably and will need cons= tant support. I guess that covering all available code paths that lead to readin= g temp table's pages would be enough. > As a whole, we were not really convinced that this is something that > needs any kind of specific fix It is a bug, obviously. TBH, I don't see any reason for not fixing it. > especially not something that should > be backpatched. I couldn't answer for a long time, and Jim had already clearly demonstrated why the backpatch is needed (for which I am grateful). [1] https://www.postgresql.org/message-id/b13dc5ba-6c11-429c-b6fe-673c1c767= bcf%40uni-muenster.de [2] https://www.postgresql.org/message-id/4075754.1774378690%40sss.pgh.pa.u= s [3] 948d6ec90fd35d6e1a59d0b1af8d6efd8442f0ad -- Best regards, Danill Davydov