Re: Configurable location for extension .control files

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Josh Berkus <josh(at)agliodbs(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Configurable location for extension .control files
Date: 2013-06-04 19:10:24
Message-ID: 2237.1370373024@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Josh Berkus <josh(at)agliodbs(dot)com> writes:
> On 06/04/2013 10:25 AM, Tom Lane wrote:
>> Basically, none of those are likely to get accepted because of security
>> concerns. We *don't* want this path to be run-time adjustable.

> Really? I don't see a security concern in having a postgresql.conf
> option which requires a full restart. If the user can edit
> postgresql.conf and do a cold restart, presumably they can do anything
> they want anyway.

Yeah, if the config option were to be superuser-only, the security issue
would be ameliorated --- not removed entirely, IMO, but at least
weakened. However, this seems to me to be missing the point, which is
that the extensions feature is designed to let the DBA have control over
which extensions are potentially installable. If we allow extension
control files to be loaded from any random directory then we lose that.
Part of the argument for not requiring superuser permissions to execute
CREATE EXTENSION was based on that restriction, so we'd need to go back
and rethink the permissions needed for CREATE EXTENSION.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2013-06-04 19:17:05 Re: Configurable location for extension .control files
Previous Message Kohei KaiGai 2013-06-04 18:50:44 RFC: ExecNodeExtender