From: | Harinath Kanchu <hkanchu(at)apple(dot)com> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Trusted extension cannot be dropped by the owner of the extension |
Date: | 2021-05-20 22:54:22 |
Message-ID: | B20F3B79-DE7C-4705-8412-4AE5B84B53A8@apple.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Hello Postgres community,
We recently encountered a bug regarding the install/uninstall of extensions. Here are the details.
Facts/Observations:
Unable to drop TRUSTED extension.
Postgres version:
test_db=> SELECT version();
version
-------------------------------------------------------------------------------------------------------------------
PostgreSQL 13.2 on x86_64-apple-darwin20.3.0, compiled by Apple clang version 11.0.0 (clang-1100.0.33.17), 64-bit
(1 row)
Steps to reproduce the bug:
Compile and install postgres 13.2
./configure --prefix=${INSTALL_PATH} --with-openssl --with-uuid=e2fs --with-perl --with-python --with-tcl
make install-world
Mark “bloom” extension as trusted
Add “trusted = true” to “bloom.control” file located in ${INSTALL_PATH}/share/extension/
Contents of bloom.control file after adding
# bloom extension
comment = 'bloom access method - signature file based index'
default_version = '1.0'
module_pathname = '$libdir/bloom'
relocatable = true
trusted = true
Run the below commands in PSQL client (attaching the commands with output)
test_db=> create extension bloom;
CREATE EXTENSION
test_db=> drop extension bloom;
ERROR: 42501: must be superuser to drop access methods
LOCATION: RemoveAccessMethodById, amcmds.c:130
Expected:
As the extension is marked as TRUSTED, if superuser privilege is not necessary during the “create extension” then superuser privilege should not be required when the owner of the extension drops it.
Why this expectation:
According to the documentation referred here
https://www.postgresql.org/docs/current/sql-createextension.html <https://www.postgresql.org/docs/current/sql-createextension.html> the following is observed.
“””
The user who runs CREATE EXTENSION becomes the owner of the extension for purposes of later privilege checks, and normally also becomes the owner of any objects created by the extension's script.
“””
if the user is the owner of the extension then it is expected that the access methods created during the extension installation should be under the same user’s ownership and there should not be an error when dropping the extension.
Thank you,
Best,
Harinath
From | Date | Subject | |
---|---|---|---|
Next Message | David Rowley | 2021-05-20 23:05:21 | Re: ResultCache cache error: "cache entry already complete" in 14beta1 |
Previous Message | David Rowley | 2021-05-20 22:22:06 | Re: ResultCache cache error: "cache entry already complete" in 14beta1 |