| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Petr Jelinek <petr(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Additional role attributes && superuser review |
| Date: | 2014-10-16 14:02:38 |
| Message-ID: | 20141016140238.GC28859@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Petr Jelinek (petr(at)2ndquadrant(dot)com) wrote:
> >> Yeah it will, mainly because extensions can load modules and can
> >> have untrusted functions, we might want to limit which extensions
> >> are possible to create without being superuser.
>
> > The extension has to be available on the filesystem before it can be
> > created, of course. I'm not against providing some kind of whitelist or
> > similar which a superuser could control.. That's similar to how PLs
> > work wrt pltemplate, no?
>
> The existing behavior is "you can create an extension if you can execute
> all the commands contained in its script". I'm not sure that messing
> with that rule is a good idea; in any case it seems well out of scope
> for this patch.
Right, that's the normal rule. I still like the idea of letting
non-superusers create "safe" extensions, but I completely agree- beyond
the scope of this patch (as I noted in my initial post).
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2014-10-16 14:06:59 | Re: Hide 'Execution time' in EXPLAIN (COSTS OFF) |
| Previous Message | Tom Lane | 2014-10-16 13:59:36 | Re: Additional role attributes && superuser review |