Re: Extension security improvement: Add support for extensions with an owned schema

From: "Jelte Fennema-Nio" <postgres(at)jeltef(dot)nl>
To: "Robert Haas" <robertmhaas(at)gmail(dot)com>
Cc: "Artem Gavrilov" <artem(dot)gavrilov(at)percona(dot)com>, "Jelte Fennema-Nio" <me(at)jeltef(dot)nl>, "Tomas Vondra" <tomas(at)vondra(dot)me>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, "Jeff Davis" <pgsql(at)j-davis(dot)com>, "PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Extension security improvement: Add support for extensions with an owned schema
Date: 2025-09-01 14:44:41
Message-ID: DCHJLTNNRZ9A.3257REHC1L4GQ@jeltef.nl
Lists: pgsql-hackers

On Mon Aug 11, 2025 at 9:23 PM CEST, Robert Haas wrote:
> On Mon, Aug 11, 2025 at 1:55 PM Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>> [ some review ]

Attached is a patch that addresses your comments, I think. I restructured
the schema creation code, and added more comments to the
AlterExtensionNamespace code (I couldn't find a way to make the
structure clearer).

> Another thing that's occurring to me here is that nothing prevents
> other objects from making their way into the owned schema. Sure, if we
> create a new schema with nobody having any permissions, then only the
> creating role or some role that has its privileges can add anything in
> there. But that could happen by accident, or privileges could later be
> granted and somebody could add something into the extension schema
> after that. I wonder whether we should lock this down tighter somehow
> and altogether forbid creating objects in that schema except from an
> extension create/upgrade script for the owning extension.

I think that's an interesting idea, and I started with a change to try
this out, that I intend to finish soon. It doesn't seem strictly
necessary, though.

Attachment Content-Type Size
v6-0001-Add-support-for-extensions-with-an-owned-schema.patch text/x-patch 40.9 KB
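
The concern quoted above, that objects which do not belong to the extension can end up in its schema, can be audited from the catalogs on a stock server. The query below is an added example, not part of this message or the attached patch. The extension name `my_ext` is a placeholder, and the check covers relations and routines only.

```sql
-- Added example: list relations and routines that live in an extension's
-- schema but are not recorded as members of that extension.
-- 'my_ext' is a placeholder extension name (assumption).
WITH ext AS (
    SELECT e.oid AS extoid, e.extnamespace AS nspoid
    FROM pg_extension e
    WHERE e.extname = 'my_ext'
),
objs AS (
    -- Tables, views, matviews, sequences, foreign and partitioned tables.
    -- Indexes, TOAST tables and composite-type relations are skipped because
    -- they hang off their parent object instead of the extension itself.
    SELECT 'pg_class'::regclass::oid AS classid,
           c.oid                     AS objid,
           c.relname::text           AS name,
           c.relkind::text           AS kind
    FROM pg_class c
    JOIN ext ON c.relnamespace = ext.nspoid
    WHERE c.relkind IN ('r', 'v', 'm', 'S', 'f', 'p')
    UNION ALL
    -- Functions, procedures and aggregates.
    SELECT 'pg_proc'::regclass::oid, p.oid, p.proname::text, 'routine'
    FROM pg_proc p
    JOIN ext ON p.pronamespace = ext.nspoid
)
SELECT o.classid::regclass AS catalog, o.objid, o.name, o.kind
FROM objs o
CROSS JOIN ext
WHERE NOT EXISTS (
    -- Extension membership is a pg_depend row with deptype 'e' that
    -- points from the object to the pg_extension entry.
    SELECT 1
    FROM pg_depend d
    WHERE d.classid    = o.classid
      AND d.objid      = o.objid
      AND d.refclassid = 'pg_extension'::regclass
      AND d.refobjid   = ext.extoid
      AND d.deptype    = 'e'
)
ORDER BY 1, 3;
```

An empty result means every relation and routine in the schema is a member of the extension; any row returned is an object that was added outside the extension's scripts.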
