diff --git a/contrib/hstore_plperl/hstore_plperl--1.0.sql b/contrib/hstore_plperl/hstore_plperl--1.0.sql index af743c87335..2837f3719f0 100644 --- a/contrib/hstore_plperl/hstore_plperl--1.0.sql +++ b/contrib/hstore_plperl/hstore_plperl--1.0.sql @@ -7,11 +7,11 @@ CREATE FUNCTION hstore_to_plperl(val internal) RETURNS internal LANGUAGE C STRICT IMMUTABLE AS 'MODULE_PATHNAME'; -CREATE FUNCTION plperl_to_hstore(val internal) RETURNS hstore +CREATE FUNCTION plperl_to_hstore(val internal) RETURNS @extschema:hstore@.hstore LANGUAGE C STRICT IMMUTABLE AS 'MODULE_PATHNAME'; -CREATE TRANSFORM FOR hstore LANGUAGE plperl ( +CREATE TRANSFORM FOR @extschema:hstore@.hstore LANGUAGE plperl ( FROM SQL WITH FUNCTION hstore_to_plperl(internal), TO SQL WITH FUNCTION plperl_to_hstore(internal) ); diff --git a/contrib/hstore_plperl/hstore_plperlu--1.0.sql b/contrib/hstore_plperl/hstore_plperlu--1.0.sql index 7c3bc86eba9..7f3119a7b2e 100644 --- a/contrib/hstore_plperl/hstore_plperlu--1.0.sql +++ b/contrib/hstore_plperl/hstore_plperlu--1.0.sql @@ -7,11 +7,11 @@ CREATE FUNCTION hstore_to_plperlu(val internal) RETURNS internal LANGUAGE C STRICT IMMUTABLE AS 'MODULE_PATHNAME', 'hstore_to_plperl'; -CREATE FUNCTION plperlu_to_hstore(val internal) RETURNS hstore +CREATE FUNCTION plperlu_to_hstore(val internal) RETURNS @extschema:hstore@.hstore LANGUAGE C STRICT IMMUTABLE AS 'MODULE_PATHNAME', 'plperl_to_hstore'; -CREATE TRANSFORM FOR hstore LANGUAGE plperlu ( +CREATE TRANSFORM FOR @extschema:hstore@.hstore LANGUAGE plperlu ( FROM SQL WITH FUNCTION hstore_to_plperlu(internal), TO SQL WITH FUNCTION plperlu_to_hstore(internal) ); diff --git a/contrib/hstore_plpython/hstore_plpython3u--1.0.sql b/contrib/hstore_plpython/hstore_plpython3u--1.0.sql index 0b410ab1835..35082322416 100644 --- a/contrib/hstore_plpython/hstore_plpython3u--1.0.sql +++ b/contrib/hstore_plpython/hstore_plpython3u--1.0.sql @@ -7,13 +7,13 @@ CREATE FUNCTION hstore_to_plpython3(val internal) RETURNS internal LANGUAGE C STRICT IMMUTABLE AS 'MODULE_PATHNAME', 'hstore_to_plpython'; -CREATE FUNCTION plpython3_to_hstore(val internal) RETURNS hstore +CREATE FUNCTION plpython3_to_hstore(val internal) RETURNS @extschema:hstore@.hstore LANGUAGE C STRICT IMMUTABLE AS 'MODULE_PATHNAME', 'plpython_to_hstore'; -CREATE TRANSFORM FOR hstore LANGUAGE plpython3u ( +CREATE TRANSFORM FOR @extschema:hstore@.hstore LANGUAGE plpython3u ( FROM SQL WITH FUNCTION hstore_to_plpython3(internal), TO SQL WITH FUNCTION plpython3_to_hstore(internal) ); -COMMENT ON TRANSFORM FOR hstore LANGUAGE plpython3u IS 'transform between hstore and Python dict'; +COMMENT ON TRANSFORM FOR @extschema:hstore@.hstore LANGUAGE plpython3u IS 'transform between hstore and Python dict'; diff --git a/contrib/ltree_plpython/ltree_plpython3u--1.0.sql b/contrib/ltree_plpython/ltree_plpython3u--1.0.sql index 09ada3c7e8b..14f73518d6a 100644 --- a/contrib/ltree_plpython/ltree_plpython3u--1.0.sql +++ b/contrib/ltree_plpython/ltree_plpython3u--1.0.sql @@ -7,6 +7,6 @@ CREATE FUNCTION ltree_to_plpython3(val internal) RETURNS internal LANGUAGE C STRICT IMMUTABLE AS 'MODULE_PATHNAME', 'ltree_to_plpython'; -CREATE TRANSFORM FOR ltree LANGUAGE plpython3u ( +CREATE TRANSFORM FOR @extschema:ltree@.ltree LANGUAGE plpython3u ( FROM SQL WITH FUNCTION ltree_to_plpython3(internal) ); diff --git a/doc/src/sgml/extend.sgml b/doc/src/sgml/extend.sgml index 218940ee5ce..ba492ca27c0 100644 --- a/doc/src/sgml/extend.sgml +++ b/doc/src/sgml/extend.sgml @@ -1348,15 +1348,11 @@ SELECT * FROM pg_extension_update_paths('extension_name - Cross-extension references are extremely difficult to make fully - secure, partially because of uncertainty about which schema the other - extension is in. The hazards are reduced if both extensions are - installed in the same schema, because then a hostile object cannot be - placed ahead of the referenced extension in the installation-time - search_path. However, no mechanism currently exists - to require that. For now, best practice is to not mark an extension - trusted if it depends on another one, unless that other one is always - installed in pg_catalog. + Secure cross-extension references typically require schema-qualification + of the names of the other extension's objects, using the + @extschema:name@ + syntax, in addition to careful matching of argument types for functions + and operators. diff --git a/doc/src/sgml/hstore.sgml b/doc/src/sgml/hstore.sgml index 7d93e49e913..44325e0bba0 100644 --- a/doc/src/sgml/hstore.sgml +++ b/doc/src/sgml/hstore.sgml @@ -946,15 +946,6 @@ ALTER TABLE tablename ALTER hstorecol TYPE hstore USING hstorecol || ''; extension for PL/Python is called hstore_plpython3u. If you use it, hstore values are mapped to Python dictionaries. - - - - It is strongly recommended that the transform extensions be installed in - the same schema as hstore. Otherwise there are - installation-time security hazards if a transform extension's schema - contains objects defined by a hostile user. - - diff --git a/doc/src/sgml/ltree.sgml b/doc/src/sgml/ltree.sgml index 9584105b03b..1c3543303f0 100644 --- a/doc/src/sgml/ltree.sgml +++ b/doc/src/sgml/ltree.sgml @@ -841,15 +841,6 @@ ltreetest=> SELECT ins_label(path,2,'Space') FROM test WHERE path <@ 'Top. creating a function, ltree values are mapped to Python lists. (The reverse is currently not supported, however.) - - - - It is strongly recommended that the transform extension be installed in - the same schema as ltree. Otherwise there are - installation-time security hazards if a transform extension's schema - contains objects defined by a hostile user. - -