public inbox for [email protected]
help / color / mirror / Atom feedRendezvous variables: safe to pass an access token between two extensions?
2+ messages / 2 participants
[nested] [flat]
* Rendezvous variables: safe to pass an access token between two extensions?
@ 2026-07-09 10:36 vaibhave postgres <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: vaibhave postgres @ 2026-07-09 10:36 UTC (permalink / raw)
To: pgsql-hackers
Hi all,
Extension A receives an access token and needs to hand it to extension B,
which publishes a handler function via a rendezvous variable
(find_rendezvous_variable).
Since rendezvous variables are just a global, name-keyed void * with no
notion of who populated the slot, is it safe to pass a sensitive value (the
token) this way? My worry is that another loaded module could register the
same name and receive the token instead of the intended extension B.
Is there a supported way to verify the publisher of a rendezvous variable,
or is there a better way to do this? Any prior art would help.
Thanks.
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: Rendezvous variables: safe to pass an access token between two extensions?
@ 2026-07-09 10:44 Andreas Karlsson <[email protected]>
parent: vaibhave postgres <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Andreas Karlsson @ 2026-07-09 10:44 UTC (permalink / raw)
To: vaibhave postgres <[email protected]>; pgsql-hackers
On 7/9/26 12:36, vaibhave postgres wrote:
> Since rendezvous variables are just a global, name-keyed void * with no
> notion of who populated the slot, is it safe to pass a sensitive value
> (the token) this way? My worry is that another loaded module could
> register the same name and receive the token instead of the intended
> extension B.
>
> Is there a supported way to verify the publisher of a rendezvous
> variable, or is there a better way to do this? Any prior art would help.
As PostgreSQL extensions are not sandboxed and therefore can access the
full memory of the backend (including shared memory) I do not think this
is really a concern specific to rendezvous variables. If an extension
wants to steal an access token it can as it can just grab them form
anywhere in the process memory.
You need to either audit all extensions you load or trust your packagers
and extension authors. If you load extensions you do not trust they can
do anything the postgres process can do.
--
Andreas Karlsson
Percona
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2026-07-09 10:44 UTC | newest]
Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2026-07-09 10:36 Rendezvous variables: safe to pass an access token between two extensions? vaibhave postgres <[email protected]>
2026-07-09 10:44 ` Andreas Karlsson <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox