| From: | Hannu Krosing <hannu(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Steven Citron-Pousty <spousty(at)redhat(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, "shifters(at)redhat(dot)com shifters" <shifters(at)redhat(dot)com>, Matthew Hicks <mhicks(at)redhat(dot)com>, Hirotsugu Asari <hasari(at)redhat(dot)com>, Adam Miller <admiller(at)redhat(dot)com> |
| Subject: | Re: Feature Request on Extensions |
| Date: | 2013-08-18 09:36:51 |
| Message-ID: | 521095B3.80107@2ndQuadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 08/17/2013 11:53 PM, Steven Citron-Pousty wrote:
> Greetings all:
> I spoke to Josh B and company at OSCON about a feature we really need
> for PostgreSQL extensions on OpenShift (Red Hat's Platform as a
> Service).
>
> What we need is the ability for Postgresql to load extensions from a
> users file space.
There were objections earlier against loading anything "binary" from
a directory not being writable by root only.
But allowing loading modules from the directory of the user the server
runs as (usually postgres, but could be any system user other than root)
seems like a really good idea.
I can not see how this would create any additional security problems,
as the user can already do anything that user can do. adding postgresql
binary in this mix running as the same user can not possibly add any
new security concerns.
If anybody can point out something I overlook here, please do so!
Cheers
--
Hannu Krosing
PostgreSQL Consultant
Performance, Scalability and High Availability
2ndQuadrant Nordic OÜ
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stefan Kaltenbrunner | 2013-08-18 11:05:04 | CREATE FUNCTION .. SET vs. pg_dump |
| Previous Message | Nicolas Barbier | 2013-08-18 08:22:00 | Re: Chinese in Postgres |