Re: Extension security improvement: Add support for extensions with an owned schema

On Thu, 11 Sept 2025 at 15:02, Robert Haas <robertmhaas@gmail.com> wrote:
> What the patch does (IIRC) is make it so that dropping the extension
> just cascade-drops the schema.

You recall incorrectly ;) It only does that when you do:
DROP EXTENSION ... CASCADE

Otherwise you get errors like this:

 DROP EXTENSION test_ext_owned_schema;
 ERROR:  cannot drop extension test_ext_owned_schema because other
objects depend on it
 DETAIL:  function test_owned_schema_defaults.new_owned() depends on
schema test_owned_schema_defaults

> but somebody
> could equally well just install an unrelated extension in the same
> schema and then drop the first extension and, whoops.

To be clear, that could only happen when that unrelated extension does
not have owned_schema=true. Because creating such an extension
requires the schema to not exist yet. (And even then as explained
above the accidental drop only happens when the user uses CASCADE.)