| From: | "Jelte Fennema-Nio" <me(at)jeltef(dot)nl> |
|---|---|
| To: | "Robert Haas" <robertmhaas(at)gmail(dot)com> |
| Cc: | "Julien Rouhaud" <rjuju123(at)gmail(dot)com>, "Artem Gavrilov" <artem(dot)gavrilov(at)percona(dot)com>, "Tomas Vondra" <tomas(at)vondra(dot)me>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, "Jeff Davis" <pgsql(at)j-davis(dot)com>, "PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Extension security improvement: Add support for extensions with an owned schema |
| Date: | 2026-02-10 23:19:39 |
| Message-ID: | DGBO0D6A5NLP.1D1EIO0UO4L3H@jeltef.nl |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 11 Sept 2025 at 16:52, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> OK. Perhaps that needs some associated tests?
Added now in v8, as well as a bunch of other tests. Including a test for
trusted extensions, and a fix so that for trusted extensions the owned
schema is owned by the bootstrap superuser. Changes made since v7 can be
found in nocfbot.changes.diff.
> To be honest, I'm kind of leaning at this point toward saying we
> shouldn't impose any special restrictions here. If the DROP doesn't
> cascade, then the worst thing that can happen is that you make it hard
> for yourself to drop your own extension cleanly. I think letting the
> superuser and the schema owner do things and other people not is too
> weird -- it basically boils down to ignoring GRANT sometimes, and I
> think users will find it confusing.
I agree. I kept it like that.
| Attachment | Content-Type | Size |
|---|---|---|
| v8-0001-Add-support-for-extensions-with-an-owned-schema.patch | text/x-patch | 51.6 KB |
| nocfbot.changes.diff | text/x-patch | 14.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jelte Fennema-Nio | 2026-02-10 23:24:31 | Re: access numeric data in module |
| Previous Message | Tom Lane | 2026-02-10 23:08:38 | Re: Do we still need MULE_INTERNAL? |