> I believe one of the following approaches should be considered to prevent > such failures: > > 1. Restrict the creation of user objects within the `pg_catalog` schema.
That's already the case:
test=# CREATE TABLE pg_catalog.new (); ERROR: permission denied to create "pg_catalog.new" DETAIL: System catalog modifications are currently disallowed.
I'm able to create the object as shown in the below:
postgres=# CREATE OR REPLACE FUNCTION pg_catalog.nont_ext_func() RETURNS char AS $$ BEGIN return 'v'; END; $$ LANGUAGE plpgsql;
CREATE FUNCTION
Why can't we strictly restrict object creation in pg_catalog?