| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com>, John H <johnhyvr(at)gmail(dot)com> |
| Cc: | Alexander Kukushkin <cyberdemn(at)gmail(dot)com>, Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions |
| Date: | 2024-06-12 20:52:31 |
| Message-ID: | 00d8f046156e355ec0eb49585408bafc8012e4a5.camel@j-davis.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 2024-06-12 at 15:36 -0400, Robert Haas wrote:
> But I think there's another problem, which is
> that if the extension is relocatable, how do you set a secure
> search_path? You could say SET search_path = foo, pg_catalog if you
> know the extension will be installed in schema foo, but if you don't
> know in what schema the extension will be installed, then what are
> you
> supposed to do? The proposal of litting $extension_schema could help
> with that ...
>
> ...except I'm not sure that's really a full solution either, because
> what if the extension is installed into a schema that's writable by
> others, like public?
Jelte proposed something to fix that here:
Regards,
Jeff Davis
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2024-06-12 20:56:57 | Re: RFC: adding pytest as a supported test framework |
| Previous Message | Andres Freund | 2024-06-12 20:11:35 | Re: Proposal for Updating CRC32C with AVX-512 Algorithm. |