Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nxPyt-0000Qk-OV for pgsql-hackers@arkaria.postgresql.org; Sat, 04 Jun 2022 09:22:03 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nxPys-0005yw-K4 for pgsql-hackers@arkaria.postgresql.org; Sat, 04 Jun 2022 09:22:02 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nxPys-0005ym-Ar for pgsql-hackers@lists.postgresql.org; Sat, 04 Jun 2022 09:22:02 +0000 Received: from relay10.mail.gandi.net ([217.70.178.230]) by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nxPyp-0000HA-TS for pgsql-hackers@postgresql.org; Sat, 04 Jun 2022 09:22:01 +0000 Received: (Authenticated sender: strk@kbt.io) by mail.gandi.net (Postfix) with ESMTPSA id C8261240006; Sat, 4 Jun 2022 09:21:55 +0000 (UTC) Date: Sat, 4 Jun 2022 11:21:53 +0200 From: Sandro Santilli Sender: strk@kbt.io To: Daniel Gustafsson Cc: Laurenz Albe , Regina Obe , PostgreSQL Hackers Subject: Re: [PATCH] Support % wildcard in extension upgrade filenames Message-ID: Mail-Followup-To: Sandro Santilli , Daniel Gustafsson , Laurenz Albe , Regina Obe , PostgreSQL Hackers References: <001d01d87211$edbd5b50$c93811f0$@pcorp.us> <6181DA3F-B24A-4313-A0C2-F05D690AA726@yesql.se> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6181DA3F-B24A-4313-A0C2-F05D690AA726@yesql.se> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Sat, May 28, 2022 at 05:26:05PM +0200, Daniel Gustafsson wrote: > > On 28 May 2022, at 16:50, Laurenz Albe wrote: > > > I don't think this idea is fundamentally wrong, but I have two worries: > > > > 1. It would be a good idea good to make sure that there is not both > > "extension--%--2.0.sql" and "extension--1.0--2.0.sql" present. > > Otherwise the behavior might be indeterministic. > > > > 2. What if you have a "postgis--%--3.3.sql", and somebody tries to upgrade > > their PostGIS 1.1 installation with it? Would that work? > > Having a lower bound for a matching version might be a good idea, > > although I have no idea how to do that. > > Following that reasoning, couldn't a rogue actor inject a fake file (perhaps > bundled with another innocent looking extension) which takes precedence in > wildcard matching? I think whoever can write into the PostgreSQL extension folder will be able to inject anything anyway.... --strk;