| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
| Cc: | Artem Gavrilov <artem(dot)gavrilov(at)percona(dot)com>, Jelte Fennema-Nio <me(at)jeltef(dot)nl>, Tomas Vondra <tomas(at)vondra(dot)me>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Extension security improvement: Add support for extensions with an owned schema |
| Date: | 2025-08-11 19:23:42 |
| Message-ID: | CA+TgmoYDdYA1paUKtfHfx-iDdCKrL05m2OwPHz7SQ03t49f2oQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 11, 2025 at 1:55 PM Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> [ some review ]
Another thing that's occurring to me here is that nothing prevents
other objects from making their way into the owned schema. Sure, if we
create a new schema with nobody having any permissions, then only the
creating role or some role that has its privileges can add anything in
there. But that could happen by accident, or privileges could later be
granted and somebody could add something into the extension schema
after that. I wonder whether we should lock this down tighter somehow
and altogether forbid creating objects in that schema except from an
extension create/upgrade script for the owning extension.
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2025-08-11 19:27:51 | Re: meson: add and use stamp files for generated headers |
| Previous Message | Noah Misch | 2025-08-11 19:07:54 | 2025-08-14 release announcement draft |