Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions

Ashutosh Sharma <ashu.coek88@gmail.com>

From: Ashutosh Sharma <ashu.coek88@gmail.com>
To: John H <johnhyvr@gmail.com>
Cc: Alexander Kukushkin <cyberdemn@gmail.com>, Jelte Fennema-Nio <postgres@jeltef.nl>, Jeff Davis <pgsql@j-davis.com>, Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-06-13T03:09:37Z
Lists: pgsql-hackers
Hi,

On Wed, Jun 12, 2024 at 11:35 PM John H <johnhyvr@gmail.com> wrote:
>
> > But, I also agree with Jelte, it should be a property of a control file, rather than a user controlled parameter, so that an attacker can't opt out.
>

This will be addressed in the next patch version.

> +1. Also curious what happens if an extension author has search_path
> already set in proconfig for a function that doesn't match what's in
> the control file. I'm guessing the function one should take
> precedence.
>

Yes, if the author has explicitly set the proconfig, it will take precedence.

--
With Regards,
Ashutosh Sharma.