On Tue, Aug 10, 2021 at 11:30:35AM -0400, Tom Lane wrote: > Greg Stark <st...@mit.edu> writes: >> While fixing up a patch I had dealing with temporary tables I noticed >> a bit of a quirk with pg_temp schemas. Namely that we have no actual >> meta data marking them as temporary aside from their names. And we >> don't do anything to protect that -- superuser can happily issue ALTER >> SCHEMA RENAME to rename it to a name that doesn't match pg_temp*.
The fun does not stop here. Here is one: drop the existing temporary schema as superuser, keep the connection that dropped it opened, and play with various temporary objects, even types or functions. > This seems to me to be not very different from the 1001 other ways that > a superuser can break a database. If *non* superusers could rename > those schemas then I'd agree there's a problem to be solved. If non-superusers could do anything that change what's stored in pg_namespace and make things inconsistent with the backend-specific state stored in memory, we are in trouble. -- Michael
signature.asc
Description: PGP signature
