Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
Jeff Davis <pgsql@j-davis.com>
From: Jeff Davis <pgsql@j-davis.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Ashutosh Sharma <ashu.coek88@gmail.com>, John H <johnhyvr@gmail.com>,
Alexander Kukushkin <cyberdemn@gmail.com>, Jelte Fennema-Nio
<postgres@jeltef.nl>, Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-07-15T23:28:02Z
Lists: pgsql-hackers
On Mon, 2024-07-15 at 16:04 -0400, Robert Haas wrote: > Oh, I had the opposite idea: I wasn't proposing ignoring it. I was > proposing making it work. I meant: ignore $extension_schema if the search_path has nothing to do with an extension. In other words, if it's in a search_path for the session, or on a function that's not part of an extension. On re-reading, I see that you mean it should work if they explicitly set it as a part of a function that *is* part of an extension. And I agree with that -- just make it work. Regards, Jeff Davis