Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
Jeff Davis <pgsql@j-davis.com>
From: Jeff Davis <pgsql@j-davis.com>
To: Robert Haas <robertmhaas@gmail.com>, John H <johnhyvr@gmail.com>
Cc: Alexander Kukushkin <cyberdemn@gmail.com>, Ashutosh Sharma
<ashu.coek88@gmail.com>, Jelte Fennema-Nio <postgres@jeltef.nl>, Ashutosh
Bapat <ashutosh.bapat.oss@gmail.com>, pgsql-hackers
<pgsql-hackers@postgresql.org>
Date: 2024-06-12T20:52:31Z
Lists: pgsql-hackers
On Wed, 2024-06-12 at 15:36 -0400, Robert Haas wrote: > But I think there's another problem, which is > that if the extension is relocatable, how do you set a secure > search_path? You could say SET search_path = foo, pg_catalog if you > know the extension will be installed in schema foo, but if you don't > know in what schema the extension will be installed, then what are > you > supposed to do? The proposal of litting $extension_schema could help > with that ... > > ...except I'm not sure that's really a full solution either, because > what if the extension is installed into a schema that's writable by > others, like public? Jelte proposed something to fix that here: https://www.postgresql.org/message-id/CAGECzQQzDqDzakBkR71ZkQ1N1ffTjAaruRSqppQAKu3WF%2B6rNQ%40mail.gmail.com Regards, Jeff Davis