On Sat, May 28, 2022 at 05:26:05PM +0200, Daniel Gustafsson wrote: > > On 28 May 2022, at 16:50, Laurenz Albe <laurenz.a...@cybertec.at> wrote: > > > I don't think this idea is fundamentally wrong, but I have two worries: > > > > 1. It would be a good idea good to make sure that there is not both > > "extension--%--2.0.sql" and "extension--1.0--2.0.sql" present. > > Otherwise the behavior might be indeterministic. > > > > 2. What if you have a "postgis--%--3.3.sql", and somebody tries to upgrade > > their PostGIS 1.1 installation with it? Would that work? > > Having a lower bound for a matching version might be a good idea, > > although I have no idea how to do that. > > Following that reasoning, couldn't a rogue actor inject a fake file (perhaps > bundled with another innocent looking extension) which takes precedence in > wildcard matching?
I think whoever can write into the PostgreSQL extension folder will be able to inject anything anyway.... --strk;