From: | Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Jeff Davis <pgsql(at)j-davis(dot)com>, John H <johnhyvr(at)gmail(dot)com>, Alexander Kukushkin <cyberdemn(at)gmail(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions |
Date: | 2024-07-16 05:55:36 |
Message-ID: | CAE9k0PmnY+=mMLhz0o=G4_=U1CxQ_ORdos-y_Sde7mWTWTJ17w@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi Robert.
On Mon, Jul 15, 2024 at 11:15 PM Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> On Mon, Jul 15, 2024 at 8:05 AM Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> wrote:
> > I've added these changes to restrict users from explicitly setting the
> > $extension_schema in the search_path. This ensures that
> > $extension_schema can only be set implicitly for functions created by
> > the extension when the "protected" flag is enabled.
>
> But ... why? I mean, what's the point of prohibiting that? In fact,
> maybe we should have *that* and forget about the protected flag in the
> control file.
>
Just to confirm, are you suggesting to remove the protected flag and
set the default search_path (as $extension_schema,) for all functions
within an extension where no explicit search_path is set? In addition
to that, also allow users to explicitly set $extension_schema as the
search_path and bypass resolution of $extension_schema for objects
outside the extension?
--
With Regards,
Ashutosh Sharma.
From | Date | Subject | |
---|---|---|---|
Next Message | Amit Kapila | 2024-07-16 06:29:04 | Re: long-standing data loss bug in initial sync of logical replication |
Previous Message | Hayato Kuroda (Fujitsu) | 2024-07-16 05:17:06 | RE: Slow catchup of 2PC (twophase) transactions on replica in LR |