Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
Jelte Fennema-Nio <postgres@jeltef.nl>
From: Jelte Fennema-Nio <postgres@jeltef.nl>
To: Ashutosh Sharma <ashu.coek88@gmail.com>
Cc: Jeff Davis <pgsql@j-davis.com>,
Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-06-11T11:31:56Z
Lists: pgsql-hackers
On Tue, 11 Jun 2024 at 11:54, Ashutosh Sharma <ashu.coek88@gmail.com> wrote: > 1) Extends the CREATE EXTENSION command to support a new option, SET > SEARCH_PATH. I don't think it makes sense to add such an option to CREATE EXTENSION. I feel like such a thing should be part of the extension control file instead. That way the extension author controls the search path, not the person that installs the extension.