From: Jelte Fennema-Nio
Date: Thu, 11 Sep 2025 15:29:27 +0200
Subject: Re: Extension security improvement: Add support for extensions with an owned schema
To: Robert Haas
Cc: Julien Rouhaud, Artem Gavrilov, Tomas Vondra, "David G. Johnston", Jeff Davis, PostgreSQL-development

On Thu, 11 Sept 2025 at 15:02, Robert Haas wrote:
> What the patch does (IIRC) is make it so that dropping the extension
> just cascade-drops the schema.

You recall incorrectly ;) It only does that when you do:

DROP EXTENSION ... CASCADE

Otherwise you get errors like this:

DROP EXTENSION test_ext_owned_schema;
ERROR: cannot drop extension test_ext_owned_schema because other objects depend on it
DETAIL: function test_owned_schema_defaults.new_owned() depends on schema test_owned_schema_defaults

> but somebody
> could equally well just install an unrelated extension in the same
> schema and then drop the first extension and, whoops.

To be clear, that could only happen when that unrelated extension does
not have owned_schema=true. Because creating such an extension
requires the schema to not exist yet. (And even then as explained
above the accidental drop only happens when the user uses CASCADE.)
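
A pre-flight check to run before DROP EXTENSION ... CASCADE, added here as an example (it is not part of the original message or of the patch): it lists objects that depend directly on the schema but are not members of the extension, using only the stock pg_depend and pg_extension catalogs. The extension and schema names are the ones in the error output quoted above.

```sql
-- Added example. Names come from the error output in the message above.
WITH ext AS (
    SELECT oid
    FROM pg_extension
    WHERE extname = 'test_ext_owned_schema'
)
SELECT pg_describe_object(d.classid, d.objid, d.objsubid) AS non_member_object,
       d.deptype
FROM pg_depend d
CROSS JOIN ext
WHERE d.refclassid = 'pg_namespace'::regclass
  AND d.refobjid   = 'test_owned_schema_defaults'::regnamespace
  -- Skip the extension's own dependency row on the schema, if it has one.
  AND NOT (d.classid = 'pg_extension'::regclass AND d.objid = ext.oid)
  -- Skip objects recorded as members of this extension (deptype 'e').
  AND NOT EXISTS (
        SELECT 1
        FROM pg_depend m
        WHERE m.classid    = d.classid
          AND m.objid      = d.objid
          AND m.refclassid = 'pg_extension'::regclass
          AND m.refobjid   = ext.oid
          AND m.deptype    = 'e')
ORDER BY 1;
```

Rows returned are user-created objects (such as the function named in the DETAIL line) or objects belonging to another extension installed in the same schema. The query covers direct dependents of the schema only, not objects that depend on those in turn.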