• Tom Lane's avatar
    In extensions, don't replace objects not belonging to the extension. · 5721da7e
    Tom Lane authored
    Previously, if an extension script did CREATE OR REPLACE and there was
    an existing object not belonging to the extension, it would overwrite
    the object and adopt it into the extension.  This is problematic, first
    because the overwrite is probably unintentional, and second because we
    didn't change the object's ownership.  Thus a hostile user could create
    an object in advance of an expected CREATE EXTENSION command, and would
    then have ownership rights on an extension object, which could be
    modified for trojan-horse-type attacks.
    
    Hence, forbid CREATE OR REPLACE of an existing object unless it already
    belongs to the extension.  (Note that we've always forbidden replacing
    an object that belongs to some other extension; only the behavior for
    previously-free-standing objects changes here.)
    
    For the same reason, also fail CREATE IF NOT EXISTS when there is
    an existing object that doesn't belong to the extension.
    
    Our thanks to Sven Klemm for reporting this problem.
    
    Security: CVE-2022-2625
    5721da7e
test_extensions.out 11.4 KB