From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Li EF Zhang <bjzhangl(at)cn(dot)ibm(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Make bloom extension trusted, but can not drop with normal user |
Date: | 2021-08-24 15:15:59 |
Message-ID: | 344416.1629818159@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> On Fri, Aug 20, 2021 at 6:26 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> "Li EF Zhang" <bjzhangl(at)cn(dot)ibm(dot)com> writes:
>>> Since pg13 support trusted extension, so I changed control file of bloom
>>> and make it trusted.
>> The fact that you can edit the file that way doesn't make it a supported
>> case.
> Why does that matter here though? This isn't a question about a security
> violation, it's one about the basic premise that a trusted extension is
> owned by the creating user and thus can be dropped by them.
My point was that randomly marking stuff as trusted is likely to cause
large problems, therefore we don't support doing it. Per the other
followup, this does work as-expected in v14. I doubt we'd take the risk
of moving superuserness checks around in v13 to make it work there.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Adrian Klaver | 2021-08-24 15:17:25 | Re: Make bloom extension trusted, but can not drop with normal user |
Previous Message | David G. Johnston | 2021-08-24 14:40:24 | Re: Make bloom extension trusted, but can not drop with normal user |