On 2020-01-29 14:41:16 -0500, Tom Lane wrote:
> pgcrypto

FWIW, given the code quality, I'm doubtful about putting itq into the trusted

Have you audited how safe the create/upgrade scripts are against being
used to elevate privileges?

Especially with FROM UNPACKAGED it seems like it'd be fairly easy to get
an extension script to do dangerous things (as superuser). One could
just create pre-existing objects that have *not* been created by a
previous version, and some upgrade scripts would do pretty weird
stuff. There's several that do things like updating catalogs directly
etc.  It seems to me that FROM UNPACKAGED shouldn't support trusted.


Andres Freund

Reply via email to