Re: Make bloom extension trusted, but can not drop with normal user

On 8/24/21 7:40 AM, David G. Johnston wrote:
> On Fri, Aug 20, 2021 at 6:26 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us
> <mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us>> wrote:
>
> "Li EF Zhang" <bjzhangl(at)cn(dot)ibm(dot)com <mailto:bjzhangl(at)cn(dot)ibm(dot)com>> writes:
> > Since pg13 support trusted extension, so I changed control file
> of bloom and make it trusted.
>
> The fact that you can edit the file that way doesn't make it a supported
> case.
>
>
> Why does that matter here though?  This isn't a question about a
> security violation, it's one about the basic premise that a trusted
> extension is owned by the creating user and thus can be dropped by
> them.  During installation, a trusted user is permitted to perform
> superuser actions by virtue of the trusted flag.  Since they are allowed
> to drop their own extension it is at least plausible to assume that upon
> doing so the dropping would be done as a superuser as well.  That this
> is not the case doesn't seem to be documented nor, going from the commit
> message for the feature, does it seem intentional.

To me the issue is that the extension was modified to trusted by an end
user not the extension author. I gotta believe there is more to the
trusted then a flag in the control file. It would not be surprising to
me that an ad hoc modification would fail.

>
> David J.
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com