Home > mailing lists

Re: Extension security improvement: Add support for extensions with an owned schema - Mailing list pgsql-hackers

From	Jelte Fennema-Nio
Subject	Re: Extension security improvement: Add support for extensions with an owned schema
Date	September 11 16:29:27
Msg-id	CAGECzQT8Rjo73xJfS-KSouoj09oUSOM6UWhvy0JXXO8+U0qwwQ@mail.gmail.com Whole thread Raw
In response to	Re: Extension security improvement: Add support for extensions with an owned schema (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: Extension security improvement: Add support for extensions with an owned schema
List	pgsql-hackers

Tree view

On Thu, 11 Sept 2025 at 15:02, Robert Haas <robertmhaas@gmail.com> wrote:
> What the patch does (IIRC) is make it so that dropping the extension
> just cascade-drops the schema.

You recall incorrectly ;) It only does that when you do:
DROP EXTENSION ... CASCADE

Otherwise you get errors like this:

 DROP EXTENSION test_ext_owned_schema;
 ERROR:  cannot drop extension test_ext_owned_schema because other
objects depend on it
 DETAIL:  function test_owned_schema_defaults.new_owned() depends on
schema test_owned_schema_defaults

> but somebody
> could equally well just install an unrelated extension in the same
> schema and then drop the first extension and, whoops.

To be clear, that could only happen when that unrelated extension does
not have owned_schema=true. Because creating such an extension
requires the schema to not exist yet. (And even then as explained
above the accidental drop only happens when the user uses CASCADE.)

pgsql-hackers by date:

From: Robert Haas
Date: 11 September, 16:14:24
Subject: Re: Making type Datum be 8 bytes everywhere

From: Kouber Saparev
Date: 11 September, 16:35:01
Subject: Re: BF mamba failure

Re: Extension security improvement: Add support for extensions with an owned schema - Mailing list pgsql-hackers

Previous

Next