Fix contrib/pgstattuple and contrib/pageinspect to prevent attempts to read

temporary tables of other sessions; that is unsafe because of the way our
buffer management works.  Per report from Stuart Bishop.
This is redundant with the bufmgr.c checks in HEAD, but not at all redundant
in the back branches.

diff --git a/contrib/pgstattuple/pgstattuple.c b/contrib/pgstattuple/pgstattuple.c
index 3787874bfdd4a7227a907c96302e5c7ea5741f83..fee4ede4df893de001eec0859261188202878f2b 100644 (file)
--- a/contrib/pgstattuple/pgstattuple.c
+++ b/contrib/pgstattuple/pgstattuple.c
@@ -115,6 +115,16 @@ pgstattuple_real(Relation rel, FunctionCallInfo fcinfo)
        int                     i;
        Datum           result;
 
+       /*
+        * Reject attempts to read non-local temporary relations; we would
+        * be likely to get wrong data since we have no visibility into the
+        * owning session's local buffers.
+        */
+       if (isOtherTempNamespace(RelationGetNamespace(rel)))
+               ereport(ERROR,
+                               (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
+                                errmsg("cannot access temporary tables of other sessions")));
+
        /* Build a tuple descriptor for our result type */
        if (get_call_result_type(fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE)
                elog(ERROR, "return type must be a row type");