| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | MUHAMMAD ASIF <anaeem(dot)it(at)hotmail(dot)com> |
| Cc: | robertmhaas(at)gmail(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: PLUGINS Functionlity in Win32 build scripts |
| Date: | 2008-12-18 20:03:50 |
| Message-ID: | 24837.1229630630@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
MUHAMMAD ASIF <anaeem(dot)it(at)hotmail(dot)com> writes:
> Purpose of this Plugins change is to add support in postgresql source
> to build plugin and install in (install dir)/lib/plugins. We made
> these changes for a plugin module i.e. pldebugger and we found this a
> useful feature that can help postgresql in adding plugins easily.
AFAICT, the idea of this patch is to make shared libraries that
automatically install in $libdir/plugins/ rather than $libdir/.
This is actually in direct contradiction to the original intent of the
plugins/ subdirectory, which was that it only contain libraries that the
local administrator had decided to consider safe and put there manually.
Since the normal superuser-only restrictions for library loading are
bypassed for stuff in plugins/, there's a nontrivial risk of security
problems if stuff just gets put there willy-nilly.
If we want to change this security policy, let's have a discussion about
it in those terms. It's a policy, not a bug to be patched around.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2008-12-18 20:16:52 | Re: Function with defval returns error |
| Previous Message | Tom Lane | 2008-12-18 19:46:04 | Re: possible bug in 8.4 |