Home > mailing lists

Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions - Mailing list pgsql-hackers

From	Jelte Fennema-Nio
Subject	Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
Date	June 11 14:31:56
Msg-id	CAGECzQSms+ikWo7E0E1QAVvhM2+9FQydEywyCLztPaAYr9s+Bw@mail.gmail.com Whole thread Raw
In response to	Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions (Ashutosh Sharma <ashu.coek88@gmail.com>)
Responses	Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions
List	pgsql-hackers

Tree view

On Tue, 11 Jun 2024 at 11:54, Ashutosh Sharma <ashu.coek88@gmail.com> wrote:
> 1) Extends the CREATE EXTENSION command to support a new option, SET
> SEARCH_PATH.

I don't think it makes sense to add such an option to CREATE EXTENSION.
I feel like such a thing should be part of the extension control file
instead. That way the extension author controls the search path, not
the person that installs the extension.

pgsql-hackers by date:

From: Andrew Dunstan
Date: 11 June, 14:22:18
Subject: Re: Windows: openssl & gssapi dislike each other

From: Srirama Kucherlapati
Date: 11 June, 14:38:14
Subject: RE: AIX support

Re: Addressing SECURITY DEFINER Function Vulnerabilities in PostgreSQL Extensions - Mailing list pgsql-hackers

Previous

Next