Re: Extension security improvement: Add support for extensions with an owned schema
David E. Wheeler <david@justatheory.com>
From: "David E. Wheeler" <david@justatheory.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Jelte Fennema-Nio <me@jeltef.nl>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2024-06-20T17:00:41Z
Lists: pgsql-hackers
On Jun 19, 2024, at 11:28, Robert Haas <robertmhaas@gmail.com> wrote: > But I wonder if there might also be another possible approach: could > we, somehow, prevent object references in extension scripts from > resolving to anything other than the system catalogs and the contents > of that extension? Perhaps with a control file setting to specify a > list of trusted extensions which we're also allowed to reference? It would also have to allow access to other extensions it depends upon. D