Re: Configurable location for extension .control files - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Configurable location for extension .control files
Date
Msg-id 2237.1370373024@sss.pgh.pa.us
Whole thread Raw
In response to Re: Configurable location for extension .control files  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers
Josh Berkus <josh@agliodbs.com> writes:
> On 06/04/2013 10:25 AM, Tom Lane wrote:
>> Basically, none of those are likely to get accepted because of security
>> concerns.  We *don't* want this path to be run-time adjustable.

> Really?  I don't see a security concern in having a postgresql.conf
> option which requires a full restart.  If the user can edit
> postgresql.conf and do a cold restart, presumably they can do anything
> they want anyway.

Yeah, if the config option were to be superuser-only, the security issue
would be ameliorated --- not removed entirely, IMO, but at least
weakened.  However, this seems to me to be missing the point, which is
that the extensions feature is designed to let the DBA have control over
which extensions are potentially installable.  If we allow extension
control files to be loaded from any random directory then we lose that.
Part of the argument for not requiring superuser permissions to execute
CREATE EXTENSION was based on that restriction, so we'd need to go back
and rethink the permissions needed for CREATE EXTENSION.
        regards, tom lane



pgsql-hackers by date:

Previous
From: Kohei KaiGai
Date:
Subject: RFC: ExecNodeExtender
Next
From: Andres Freund
Date:
Subject: Re: Configurable location for extension .control files