Re: Extension security improvement: Add support for extensions with an owned schema

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Robert Haas <[email protected]>
To: Jelte Fennema-Nio <[email protected]>
Cc: Artem Gavrilov <[email protected]>
Cc: Jelte Fennema-Nio <[email protected]>
Cc: Tomas Vondra <[email protected]>
Cc: David G. Johnston <[email protected]>
Cc: Jeff Davis <[email protected]>
Cc: PostgreSQL-development <[email protected]>
Subject: Re: Extension security improvement: Add support for extensions with an owned schema
Date: Mon, 11 Aug 2025 15:23:42 -0400
Message-ID: <CA+TgmoYDdYA1paUKtfHfx-iDdCKrL05m2OwPHz7SQ03t49f2oQ@mail.gmail.com> (raw)
In-Reply-To: <CA+TgmoY=NO7_L=UDuoUWj-icABF-7EP=UNUXCFBYpDNFoUZmbA@mail.gmail.com>
References: <CAGECzQQzDqDzakBkR71ZkQ1N1ffTjAaruRSqppQAKu3WF+6rNQ@mail.gmail.com>
	<[email protected]>
	<CAGECzQTe3y6xwP9aMbFBCxKnQEEn3G3=cEDqoD5xaOwPwypd_A@mail.gmail.com>
	<CAGECzQTAgtTp3G=Em3xEY=T=uiKfyu5xLYri9By=sfNBS5C_9A@mail.gmail.com>
	<CAKFQuwaT4_n=e0YKBZAyox1CQUra2ka0cySs+3pGZR5p50pn-g@mail.gmail.com>
	<CAGECzQTOJrnnJkmMe9nems0jouiKUbFcEb1rb9kE_svsAZiGQg@mail.gmail.com>
	<[email protected]>
	<CAGECzQS02M6YPDXemo36tShO-ZYObjqnyTJyVttua1PGyN4xRw@mail.gmail.com>
	<CAFPkQKzALOTTBrhj2qDHwVxZQyjF5Xg_P9M=Tn_Dcm3vr=xdTA@mail.gmail.com>
	<[email protected]>
	<CA+TgmoY=NO7_L=UDuoUWj-icABF-7EP=UNUXCFBYpDNFoUZmbA@mail.gmail.com>

On Mon, Aug 11, 2025 at 1:55 PM Robert Haas <[email protected]> wrote:
> [ some review ]

Another thing that's occurring to me here is that nothing prevents
other objects from making their way into the owned schema. Sure, if we
create a new schema with nobody having any permissions, then only the
creating role or some role that has its privileges can add anything in
there. But that could happen by accident, or privileges could later be
granted and somebody could add something into the extension schema
after that. I wonder whether we should lock this down tighter somehow
and altogether forbid creating objects in that schema except from an
extension create/upgrade script for the owning extension.

-- 
Robert Haas
EDB: http://www.enterprisedb.com

view thread (27+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Extension security improvement: Add support for extensions with an owned schema
  In-Reply-To: <CA+TgmoYDdYA1paUKtfHfx-iDdCKrL05m2OwPHz7SQ03t49f2oQ@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox