Home > mailing lists

Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
Date	June 12 22:10:29
Msg-id	61c1455b17cd0e67e087cb09e55c45d8852a1ede.camel@j-davis.com Whole thread Raw
In response to	Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions (Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>)
List	pgsql-hackers

Tree view

On Wed, 2024-06-12 at 12:13 +0530, Ashutosh Bapat wrote:
> > Alternatively, we could leverage the extension dependency
> > information
> > to determine whether the function is created by an extension or
> > not.
>
> That will be simpler. We do that sort of thing for identity
> sequences. So there's a precedent to do that kind of stuff. 

I did not look at the details, but +1 for using information we already
have. There's a little bit of extra work to resolve it, but thanks to
the search_path cache it should only need to be done once per unique
search_path setting per session.

Regards,
    Jeff Davis

pgsql-hackers by date:

From: Robert Haas
Date: 12 June, 22:08:14
Subject: Re: Improve the granularity of PQsocketPoll's timeout parameter?

From: Robert Haas
Date: 12 June, 22:11:53
Subject: Re: On disable_cost

Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions - Mailing list pgsql-hackers

Previous

Next