Trusted extension cannot be dropped by the owner of the extension

From: Harinath Kanchu <hkanchu(at)apple(dot)com>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Trusted extension cannot be dropped by the owner of the extension
Date: 2021-05-20 22:54:22
Message-ID: B20F3B79-DE7C-4705-8412-4AE5B84B53A8@apple.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Hello Postgres community,

We recently encountered a bug regarding the install/uninstall of extensions. Here are the details.

Facts/Observations:

Unable to drop TRUSTED extension.

Postgres version:

test_db=> SELECT version();
version
-------------------------------------------------------------------------------------------------------------------
PostgreSQL 13.2 on x86_64-apple-darwin20.3.0, compiled by Apple clang version 11.0.0 (clang-1100.0.33.17), 64-bit
(1 row)

Steps to reproduce the bug:

Compile and install postgres 13.2
./configure --prefix=${INSTALL_PATH} --with-openssl --with-uuid=e2fs --with-perl --with-python --with-tcl
make install-world
Mark “bloom” extension as trusted
Add “trusted = true” to “bloom.control” file located in ${INSTALL_PATH}/share/extension/
Contents of bloom.control file after adding
# bloom extension
comment = 'bloom access method - signature file based index'
default_version = '1.0'
module_pathname = '$libdir/bloom'
relocatable = true
trusted = true
Run the below commands in PSQL client (attaching the commands with output)

test_db=> create extension bloom;
CREATE EXTENSION
test_db=> drop extension bloom;
ERROR: 42501: must be superuser to drop access methods
LOCATION: RemoveAccessMethodById, amcmds.c:130

Expected:

As the extension is marked as TRUSTED, if superuser privilege is not necessary during the “create extension” then superuser privilege should not be required when the owner of the extension drops it.

Why this expectation:

According to the documentation referred here
https://www.postgresql.org/docs/current/sql-createextension.html <https://www.postgresql.org/docs/current/sql-createextension.html> the following is observed.

“””
The user who runs CREATE EXTENSION becomes the owner of the extension for purposes of later privilege checks, and normally also becomes the owner of any objects created by the extension's script.
“””

if the user is the owner of the extension then it is expected that the access methods created during the extension installation should be under the same user’s ownership and there should not be an error when dropping the extension.

Thank you,

Best,
Harinath

Browse pgsql-bugs by date

  From Date Subject
Next Message David Rowley 2021-05-20 23:05:21 Re: ResultCache cache error: "cache entry already complete" in 14beta1
Previous Message David Rowley 2021-05-20 22:22:06 Re: ResultCache cache error: "cache entry already complete" in 14beta1