"David G. Johnston" <david.g.johnston@gmail.com> writes:
> On Tue, Aug 24, 2021 at 8:51 PM Li EF Zhang <bjzhangl@cn.ibm.com> wrote:
>> Thanks for your answer. My doubt is that since an ordinary user creates
>> the extension, shouldn't be this user the owner of the objects created
>> within the extension?
> While that is a possible implementation choice, that isn't what was chosen.
Let's be clear here: that is not some random implementor's decision.
That is *necessary*, else the feature is completely insecure.
The example given at the top of the thread isn't especially
security-relevant, but there are a lot of other possible ALTER commands
that are. For example, an ordinary user granted ownership of a
"C"-language function can easily modify it in a way that allows her to
gain full control of the installation. So we cannot implement trusted
extensions by allowing the user requesting the install to own the
individual objects within the extension.
regards, tom lane