From: | Jeremy Drake <pgsql(at)jdrake(dot)com> |
---|---|
To: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
Cc: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] unprivileged contrib and pl install (formerly tsearch |
Date: | 2007-01-25 00:09:01 |
Message-ID: | Pine.BSO.4.64.0701241600080.23712@resin.csoft.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
On Wed, 24 Jan 2007, Jeremy Drake wrote:
> On Wed, 24 Jan 2007, Martijn van Oosterhout wrote:
>
> > Something I've wondered about before is the concept of having installed
> > Modules in the system. Let's say for example that while compiling
> > postgres it compiled the modules in contrib also and installed them in
> > a modules directory.
> >
> > Once installed there, unpriviledged users could say "INSTALL foo" and
> > it would install the module, even if they do not have the permissions
> > to create them themselves.
>
> That would be great, and also it would be great to be able to CREATE
> LANGUAGE as a regular user for a trusted pl that is already
> compiled/installed.
Something like the attached (simple) change to allow CREATE LANGUAGE by
unprivileged users for trusted languages already present in pg_pltemplate.
I'm not quite sure how one would go about doing the module thing, I think
that would be more complex. Something simple like allowing creation of C
language functions in libraries in $libdir would probably not be
sufficient, because an unprivileged user could create functions that have
the wrong paramters or return values and crash things pretty good that
way. Any ideas how this would work? Perhaps a sql script in
sharedir could be run by the backend as though by a superuser...
--
Ed Sullivan will be around as long as someone else has talent.
-- Fred Allen
Attachment | Content-Type | Size |
---|---|---|
createlang_perm_change.patch | text/plain | 1.8 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2007-01-25 00:20:00 | Re: [HACKERS] unprivileged contrib and pl install (formerly tsearch |
Previous Message | Tom Lane | 2007-01-24 23:55:49 | Re: New feature proposal |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2007-01-25 00:20:00 | Re: [HACKERS] unprivileged contrib and pl install (formerly tsearch |
Previous Message | Jeremy Drake | 2007-01-24 23:15:36 | Re: tsearch in core patch, for inclusion |