diff options
| author | Tom Lane | 2022-08-08 15:12:31 +0000 |
|---|---|---|
| committer | Tom Lane | 2022-08-08 15:12:31 +0000 |
| commit | b9b21acc766db54d8c337d508d0fe2f5bf2daab0 (patch) | |
| tree | f1e302dbebbfb0ec7cc53f9bbfbd3ef91463c481 /src/test/modules/test_extensions/Makefile | |
| parent | 7e29a79a46d30dc236d097825ab849158929d977 (diff) | |
In extensions, don't replace objects not belonging to the extension.
Previously, if an extension script did CREATE OR REPLACE and there was
an existing object not belonging to the extension, it would overwrite
the object and adopt it into the extension. This is problematic, first
because the overwrite is probably unintentional, and second because we
didn't change the object's ownership. Thus a hostile user could create
an object in advance of an expected CREATE EXTENSION command, and would
then have ownership rights on an extension object, which could be
modified for trojan-horse-type attacks.
Hence, forbid CREATE OR REPLACE of an existing object unless it already
belongs to the extension. (Note that we've always forbidden replacing
an object that belongs to some other extension; only the behavior for
previously-free-standing objects changes here.)
For the same reason, also fail CREATE IF NOT EXISTS when there is
an existing object that doesn't belong to the extension.
Our thanks to Sven Klemm for reporting this problem.
Security: CVE-2022-2625
Diffstat (limited to 'src/test/modules/test_extensions/Makefile')
| -rw-r--r-- | src/test/modules/test_extensions/Makefile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/test/modules/test_extensions/Makefile b/src/test/modules/test_extensions/Makefile index 77ee4d5d9ec..452cae3b2eb 100644 --- a/src/test/modules/test_extensions/Makefile +++ b/src/test/modules/test_extensions/Makefile @@ -4,11 +4,14 @@ MODULE = test_extensions PGFILEDESC = "test_extensions - regression testing for EXTENSION support" EXTENSION = test_ext1 test_ext2 test_ext3 test_ext4 test_ext5 test_ext6 \ - test_ext7 test_ext8 test_ext_cyclic1 test_ext_cyclic2 \ + test_ext7 test_ext8 test_ext_cine test_ext_cor \ + test_ext_cyclic1 test_ext_cyclic2 \ test_ext_evttrig DATA = test_ext1--1.0.sql test_ext2--1.0.sql test_ext3--1.0.sql \ test_ext4--1.0.sql test_ext5--1.0.sql test_ext6--1.0.sql \ test_ext7--1.0.sql test_ext7--1.0--2.0.sql test_ext8--1.0.sql \ + test_ext_cine--1.0.sql test_ext_cine--1.0--1.1.sql \ + test_ext_cor--1.0.sql \ test_ext_cyclic1--1.0.sql test_ext_cyclic2--1.0.sql \ test_ext_evttrig--1.0.sql test_ext_evttrig--1.0--2.0.sql |