Home > mailing lists

Re: [PATCH] Support % wildcard in extension upgrade filenames - Mailing list pgsql-hackers

From	Daniel Gustafsson
Subject	Re: [PATCH] Support % wildcard in extension upgrade filenames
Date	May 28, 2022 18:26:05
Msg-id	6181DA3F-B24A-4313-A0C2-F05D690AA726@yesql.se Whole thread Raw
In response to	Re: [PATCH] Support % wildcard in extension upgrade filenames (Laurenz Albe <laurenz.albe@cybertec.at>)
Responses	Re: [PATCH] Support % wildcard in extension upgrade filenames
List	pgsql-hackers

Tree view

> On 28 May 2022, at 16:50, Laurenz Albe <laurenz.albe@cybertec.at> wrote:

> I don't think this idea is fundamentally wrong, but I have two worries:
> 
> 1. It would be a good idea good to make sure that there is not both
> "extension--%--2.0.sql" and "extension--1.0--2.0.sql" present.
> Otherwise the behavior might be indeterministic.
> 
> 2. What if you have a "postgis--%--3.3.sql", and somebody tries to upgrade
> their PostGIS 1.1 installation with it? Would that work?
> Having a lower bound for a matching version might be a good idea,
> although I have no idea how to do that.

Following that reasoning, couldn't a rogue actor inject a fake file (perhaps
bundled with another innocent looking extension) which takes precedence in
wildcard matching?

--
Daniel Gustafsson        https://vmware.com/

pgsql-hackers by date:

From: Daniel Gustafsson
Date: 28 May 2022, 18:17:46
Subject: Re: Improving connection scalability (src/backend/storage/ipc/procarray.c)

From: Daniel Gustafsson
Date: 28 May 2022, 18:30:51
Subject: Re: Bump MIN_WINNT to 0x0600 (Vista) as minimal runtime in 16~

Re: [PATCH] Support % wildcard in extension upgrade filenames - Mailing list pgsql-hackers

Previous

Next