Re: Extension security improvement: Add support for extensions with an owned schema

David E. Wheeler <david@justatheory.com>

From: "David E. Wheeler" <david@justatheory.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Jelte Fennema-Nio <me@jeltef.nl>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2024-06-20T17:00:41Z
Lists: pgsql-hackers
On Jun 19, 2024, at 11:28, Robert Haas <robertmhaas@gmail.com> wrote:

> But I wonder if there might also be another possible approach: could
> we, somehow, prevent object references in extension scripts from
> resolving to anything other than the system catalogs and the contents
> of that extension? Perhaps with a control file setting to specify a
> list of trusted extensions which we're also allowed to reference?

It would also have to allow access to other extensions it depends upon.

D