| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> |
| Cc: | Jeff Davis <pgsql(at)j-davis(dot)com>, John H <johnhyvr(at)gmail(dot)com>, Alexander Kukushkin <cyberdemn(at)gmail(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions |
| Date: | 2024-07-15 17:44:58 |
| Message-ID: | CA+Tgmoax+zZPYWMKpNOtcxpHy0Xe8t4S6agbW_WthR=ThdMquA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Jul 15, 2024 at 8:05 AM Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> wrote:
> I've added these changes to restrict users from explicitly setting the
> $extension_schema in the search_path. This ensures that
> $extension_schema can only be set implicitly for functions created by
> the extension when the "protected" flag is enabled.
But ... why? I mean, what's the point of prohibiting that? In fact,
maybe we should have *that* and forget about the protected flag in the
control file.
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2024-07-15 17:56:05 | Re: Parent/child context relation in pg_get_backend_memory_contexts() |
| Previous Message | Andres Freund | 2024-07-15 17:40:16 | Re: Converting tab-complete.c's else-if chain to a switch |