Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions

From:	Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>
To:	John H <johnhyvr(at)gmail(dot)com>
Cc:	Alexander Kukushkin <cyberdemn(at)gmail(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Jeff Davis <pgsql(at)j-davis(dot)com>, Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
Date:	2024-06-13 08:09:01
Message-ID:	CAE9k0P=FcZ=ao3ZpEq29BveF+=27KBcRT2HFowJxoNCv02dHLA@mail.gmail.com
Views:	Raw Message | Whole Thread | Download mbox | Resend email
Thread:	2024-05-24 07:21:43 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>  2024-05-24 08:54:52 from Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>   2024-06-05 09:06:54 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> 📎    2024-06-05 21:06:11 from Jeff Davis <pgsql(at)j-davis(dot)com>     2024-06-06 15:47:17 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>      2024-06-06 16:53:19 from Jeff Davis <pgsql(at)j-davis(dot)com>       2024-06-06 18:09:55 from Isaac Morland <isaac(dot)morland(at)gmail(dot)com>        2024-06-06 22:19:16 from Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>         2024-06-06 23:20:16 from Jeff Davis <pgsql(at)j-davis(dot)com>     2024-06-11 09:54:30 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> 📎      2024-06-11 11:31:56 from Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>       2024-06-11 12:49:56 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>        2024-06-11 12:56:26 from Alexander Kukushkin <cyberdemn(at)gmail(dot)com>         2024-06-11 13:27:16 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>          2024-06-12 07:11:03 from Alexander Kukushkin <cyberdemn(at)gmail(dot)com>           2024-06-12 18:05:33 from John H <johnhyvr(at)gmail(dot)com>            2024-06-12 19:36:05 from Robert Haas <robertmhaas(at)gmail(dot)com>             2024-06-12 20:52:31 from Jeff Davis <pgsql(at)j-davis(dot)com>            2024-06-13 03:09:37 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>             2024-06-13 08:09:01 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> 📎              2024-06-17 21:05:37 from John H <johnhyvr(at)gmail(dot)com>               2024-06-18 04:14:54 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>                2024-06-19 00:36:35 from John H <johnhyvr(at)gmail(dot)com>                 2024-06-19 03:23:25 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>                  2024-06-24 19:10:02 from Jeff Davis <pgsql(at)j-davis(dot)com>                   2024-06-26 05:49:12 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>                   2024-07-12 15:32:01 from Robert Haas <robertmhaas(at)gmail(dot)com>                    2024-07-15 12:05:05 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>                     2024-07-15 17:44:58 from Robert Haas <robertmhaas(at)gmail(dot)com>                      2024-07-15 18:33:08 from Jeff Davis <pgsql(at)j-davis(dot)com>                       2024-07-15 20:04:53 from Robert Haas <robertmhaas(at)gmail(dot)com>                        2024-07-15 23:28:02 from Jeff Davis <pgsql(at)j-davis(dot)com>                      2024-07-16 05:55:36 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>                       2024-07-16 16:09:51 from Robert Haas <robertmhaas(at)gmail(dot)com>                        2024-07-17 13:31:56 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>                         2024-07-24 12:28:35 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> 📎         2024-06-11 21:31:39 from Jeff Davis <pgsql(at)j-davis(dot)com>      2024-06-11 21:37:11 from Jeff Davis <pgsql(at)j-davis(dot)com>       2024-06-12 04:05:58 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>        2024-06-12 04:21:22 from Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>         2024-06-12 06:43:56 from Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>          2024-06-12 19:10:29 from Jeff Davis <pgsql(at)j-davis(dot)com>
Lists:	pgsql-hackers

Attachment	Content-Type	Size
v3-0001-Introduce-a-new-control-file-flag-called-protected-f.patch	application/octet-stream	19.0 KB

In response to

• Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions at 2024-06-13 03:09:37 from Ashutosh Sharma

Responses

• Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions at 2024-06-17 21:05:37 from John H

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Magnus Hagander	2024-06-13 08:14:52	Re: Changing default -march landscape
Previous Message	Richard Guo	2024-06-13 08:07:51	Re: Eager aggregation, take 3