Clean up loose ends remaining from schema privileges discussion.

I concluded that RENAME should require CREATE privilege on the namespace
as well as ownership of the table.

1 files changed, 7 insertions, 2 deletions

diff --git a/src/backend/catalog/namespace.c b/src/backend/catalog/namespace.c
index 51ef7c3f8d9..80ce60f8ab2 100644
--- a/src/backend/catalog/namespace.c
+++ b/src/backend/catalog/namespace.c
@@ -13,7 +13,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/catalog/namespace.c,v 1.15 2002/04/29 22:15:07 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/catalog/namespace.c,v 1.16 2002/04/30 01:26:25 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1161,7 +1161,12 @@ GetTempTableNamespace(void)
 	{
 		/*
 		 * First use of this temp namespace in this database; create it.
-		 * The temp namespaces are always owned by the superuser.
+		 * The temp namespaces are always owned by the superuser.  We
+		 * leave their permissions at default --- i.e., no access except to
+		 * superuser --- to ensure that unprivileged users can't peek
+		 * at other backends' temp tables.  This works because the places
+		 * that access the temp namespace for my own backend skip permissions
+		 * checks on it.
 		 */
 		namespaceId = NamespaceCreate(namespaceName, BOOTSTRAP_USESYSID);
 		/* Advance command counter to make namespace visible */