On Sat, Sep 6, 2025 at 3:35 AM Jelte Fennema-Nio <[email protected]> wrote: > I think that sounds like reasonable change to Roberts initial > proposal: Allowing the schema owner and superusers to add objects in > the schema, but disallow all other users (even if they have CREATE > privileges on the schema).
I don't know, I'm not really convinced. I feel like this isn't really a security issue but more of a could-be-an-unpleasant-surprise issue. What the patch does (IIRC) is make it so that dropping the extension just cascade-drops the schema. If the schema contains anything unrelated to the extension, that's going to remove stuff that it shouldn't remove. In Julien's examples, the other stuff that gets introduced into the schema is logically part of the extension even if it doesn't formally have membership in the extension, but somebody could equally well just install an unrelated extension in the same schema and then drop the first extension and, whoops. -- Robert Haas EDB: http://www.enterprisedb.com
