Re: Make bloom extension trusted, but can not drop with normal user

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Li EF Zhang <bjzhangl(at)cn(dot)ibm(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Make bloom extension trusted, but can not drop with normal user
Date: 2021-08-24 14:40:24
Message-ID: CAKFQuwYodTMYx45rUkN7BFSNVOaNnhO+kMojspkz_yYo=m0pLg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Fri, Aug 20, 2021 at 6:26 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> "Li EF Zhang" <bjzhangl(at)cn(dot)ibm(dot)com> writes:
> > Since pg13 support trusted extension, so I changed control file of bloom
> and make it trusted.
>
> The fact that you can edit the file that way doesn't make it a supported
> case.
>
>
Why does that matter here though? This isn't a question about a security
violation, it's one about the basic premise that a trusted extension is
owned by the creating user and thus can be dropped by them. During
installation, a trusted user is permitted to perform superuser actions by
virtue of the trusted flag. Since they are allowed to drop their own
extension it is at least plausible to assume that upon doing so the
dropping would be done as a superuser as well. That this is not the case
doesn't seem to be documented nor, going from the commit message for the
feature, does it seem intentional.

David J.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2021-08-24 15:15:59 Re: Make bloom extension trusted, but can not drop with normal user
Previous Message David G. Johnston 2021-08-24 14:26:41 Re: Make bloom extension trusted, but can not drop with normal user