| From: | Alexander Kukushkin <cyberdemn(at)gmail(dot)com> |
|---|---|
| To: | Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> |
| Cc: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl>, Jeff Davis <pgsql(at)j-davis(dot)com>, Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions |
| Date: | 2024-06-11 12:56:26 |
| Message-ID: | CAFh8B==D3Q_Ajnf-Lw5M_mJ7t1=dtQfpk8aZ_qxc4FiuYUzdmA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On Tue, 11 Jun 2024 at 14:50, Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> wrote:
> If the author has configured the search_path for any desired function,
> using this option with the CREATE EXTENSION command will not affect
> those functions.
>
Then effectively this feature is useless.
Now attackers can just set search_path for the current session.
With this feature they will also be able to influence search_path of not
protected functions when they create an extension.
Regards,
--
Alexander Kukushkin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ranier Vilela | 2024-06-11 13:01:25 | Re: Improve the granularity of PQsocketPoll's timeout parameter? |
| Previous Message | Ashutosh Sharma | 2024-06-11 12:49:56 | Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions |