Re: Extension security improvement: Add support for extensions with an owned schema
Jelte Fennema-Nio <me@jeltef.nl>
From: "Jelte Fennema-Nio" <me@jeltef.nl>
To: "Robert Haas" <robertmhaas@gmail.com>
Cc: "Julien Rouhaud" <rjuju123@gmail.com>, "Artem Gavrilov"
<artem.gavrilov@percona.com>, "Tomas Vondra" <tomas@vondra.me>, "David G.
Johnston" <david.g.johnston@gmail.com>, "Jeff Davis" <pgsql@j-davis.com>,
"PostgreSQL-development" <pgsql-hackers@postgresql.org>
Date: 2026-02-10T23:19:39Z
Lists: pgsql-hackers
Attachments
- v8-0001-Add-support-for-extensions-with-an-owned-schema.patch (text/x-patch) patch v8-0001
- nocfbot.changes.diff (text/x-patch) patch
On Thu, 11 Sept 2025 at 16:52, Robert Haas <robertmhaas@gmail.com> wrote: > OK. Perhaps that needs some associated tests? Added now in v8, as well as a bunch of other tests. Including a test for trusted extensions, and a fix so that for trusted extensions the owned schema is owned by the bootstrap superuser. Changes made since v7 can be found in nocfbot.changes.diff. > To be honest, I'm kind of leaning at this point toward saying we > shouldn't impose any special restrictions here. If the DROP doesn't > cascade, then the worst thing that can happen is that you make it hard > for yourself to drop your own extension cleanly. I think letting the > superuser and the schema owner do things and other people not is too > weird -- it basically boils down to ignoring GRANT sometimes, and I > think users will find it confusing. I agree. I kept it like that.