Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions - Mailing list pgsql-hackers

From Jeff Davis
Subject Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
Date
Msg-id 00d8f046156e355ec0eb49585408bafc8012e4a5.camel@j-davis.com
Whole thread Raw
In response to Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
On Wed, 2024-06-12 at 15:36 -0400, Robert Haas wrote:
> But I think there's another problem, which is
> that if the extension is relocatable, how do you set a secure
> search_path? You could say SET search_path = foo, pg_catalog if you
> know the extension will be installed in schema foo, but if you don't
> know in what schema the extension will be installed, then what are
> you
> supposed to do? The proposal of litting $extension_schema could help
> with that ...
>
> ...except I'm not sure that's really a full solution either, because
> what if the extension is installed into a schema that's writable by
> others, like public?

Jelte proposed something to fix that here:

https://www.postgresql.org/message-id/CAGECzQQzDqDzakBkR71ZkQ1N1ffTjAaruRSqppQAKu3WF%2B6rNQ%40mail.gmail.com


Regards,
    Jeff Davis




pgsql-hackers by date:

Previous
From: Andres Freund
Date:
Subject: Re: Proposal for Updating CRC32C with AVX-512 Algorithm.
Next
From: Noah Misch
Date:
Subject: Re: RFC: adding pytest as a supported test framework