Re: why local_preload_libraries does require a separate directory ? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: why local_preload_libraries does require a separate directory ?
Date
Msg-id 17337.1322934799@sss.pgh.pa.us
Whole thread Raw
In response to why local_preload_libraries does require a separate directory ?  (Tomas Vondra <tv@fuzzy.cz>)
Responses Re: why local_preload_libraries does require a separate directory ?
List pgsql-hackers
Tomas Vondra <tv@fuzzy.cz> writes:
> why the libraries loaded using local_preload_libraries need to be placed
> in a different subdirectory than libraries loaded using
> shared_preload_libraries?

Security: it lets the DBA constrain which libraries are loadable this way.

> I do understand that leaving the users to load whatever libraries they
> want is a bad idea, but when the library is loaded from postgresql.conf
> it should be safe.

We don't have a mechanism that would allow different limitations to be
placed on a GUC variable depending on where the value came from.
To do what you're proposing would require restricting
local_preload_libraries to be superuser-only, which would be a net
decrease in functionality.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: psql line number reporting from stdin
Next
From: Andres Freund
Date:
Subject: Re: Command Triggers