| From: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Michael Banck <mbanck(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: [PATCH] New predefined role pg_manage_extensions |
| Date: | 2025-03-07 14:02:15 |
| Message-ID: | CAGECzQRjkyiQ9b4vB2UDwppX4T3_SNhjYxMog4jxCSc6PEPKag@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 7 Mar 2025 at 14:58, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> I see that Jelte walked this comment back, but I think this issue
> needs more discussion. I'm not intrinsically against having a role
> like pg_execute_server_programs that allows escalation to superuser,
> but I don't see how it would help a cloud provider whose goal is to
> NOT allow administrators to escalate to superuser.
>
> What am I missing?
The reason why I walked back my comment was that cloud providers can
simply choose which extensions they actually add to the image. If an
extension is marked as not trusted by the author, then with this role
they can still choose to add it without having to make changes to the
control file if they think it's "secure enough".
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Srirama Kucherlapati | 2025-03-07 14:11:43 | RE: AIX support |
| Previous Message | Robert Haas | 2025-03-07 13:57:50 | Re: [PATCH] New predefined role pg_manage_extensions |