Re: Configurable location for extension .control files - Mailing list pgsql-hackers

From Josh Berkus
Subject Re: Configurable location for extension .control files
Date
Msg-id 51AF8C8C.9090506@agliodbs.com
Whole thread Raw
In response to Configurable location for extension .control files  (Oliver Charles <ollie@ocharles.org.uk>)
List pgsql-hackers
Tom,

> Yeah, if the config option were to be superuser-only, the security issue
> would be ameliorated --- not removed entirely, IMO, but at least
> weakened.  However, this seems to me to be missing the point, which is
> that the extensions feature is designed to let the DBA have control over
> which extensions are potentially installable.  If we allow extension
> control files to be loaded from any random directory then we lose that.
> Part of the argument for not requiring superuser permissions to execute
> CREATE EXTENSION was based on that restriction, so we'd need to go back
> and rethink the permissions needed for CREATE EXTENSION.

I do see the utility in having the extension folder relocatable by
packagers; I could really use this for vagrant builds of PostgreSQL,
which I use for testing.  Right now I do a lot of file copying of .so
files.  In my case, though, I only need to change the whole extension
folder location, I don't need to have multiple locations, a dirpath, or
anything sophisticated.  That is, a super-user, cold-start only option
of "extension_path='/vagrant/extensions/'" would work for my case, and I
suspect most packaging cases as well.

This seems like it would work for Oliver's case.  And I don't see how
making the folder relocatable as an on-start option hurts our security
at all; we're simply doing something which the same user could do with
symlinks, only much more neatly.

-- 
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com



pgsql-hackers by date:

Previous
From: Heikki Linnakangas
Date:
Subject: Re: Redesigning checkpoint_segments
Next
From: Kevin Grittner
Date:
Subject: Re: Redesigning checkpoint_segments