Re: Marking some contrib modules as trusted extensions - Mailing list pgsql-hackers

From Andres Freund
Subject Re: Marking some contrib modules as trusted extensions
Date
Msg-id 20200213233015.r6rnubcvl4egdh5r@alap3.anarazel.de
Whole thread Raw
In response to Marking some contrib modules as trusted extensions  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Marking some contrib modules as trusted extensions
List pgsql-hackers
Hi,

On 2020-01-29 14:41:16 -0500, Tom Lane wrote:
> pgcrypto

FWIW, given the code quality, I'm doubtful about putting itq into the trusted
section.


Have you audited how safe the create/upgrade scripts are against being
used to elevate privileges?

Especially with FROM UNPACKAGED it seems like it'd be fairly easy to get
an extension script to do dangerous things (as superuser). One could
just create pre-existing objects that have *not* been created by a
previous version, and some upgrade scripts would do pretty weird
stuff. There's several that do things like updating catalogs directly
etc.  It seems to me that FROM UNPACKAGED shouldn't support trusted.

Regards,

Andres Freund



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Extension ownership and misuse of SET ROLE/SET SESSION AUTHORIZATION
Next
From: Justin Pryzby
Date:
Subject: Re: error context for vacuum to include block number