Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions

Jeff Davis <pgsql@j-davis.com>

From: Jeff Davis <pgsql@j-davis.com>
To: Ashutosh Sharma <ashu.coek88@gmail.com>
Cc: Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-06-11T21:37:11Z
Lists: pgsql-hackers
On Tue, 2024-06-11 at 15:24 +0530, Ashutosh Sharma wrote:
> 3) When the ALTER EXTENSION SET SCHEMA command is executed and if the
> function's search_path contains the old schema of the extension, it
> is
> updated with the new schema.

I don't think it's reasonable to search-and-replace within a function's
SET clause at ALTER time.

I believe we need a new special search_path item, like
"$extension_schema", to mean the schema of the extension owning the
function. It would, like "$user", automatically adjust to the current
value when changed.

That sounds like a useful and non-controversial change.

Regards,
	Jeff Davis