Thread: permission denied to create extension "ltree" Must be superuser to create this extension.

psql (9.1.2)

CREATE EXTENSION ltree;
ERROR:  permission denied to create extension "ltree"
HINT:  Must be superuser to create this extension.

Why does ltree require superuser privledge? Is it dangerous and allow
circumventing server security? No mention of this in manual so it is
either documentation problem or a too strict check problem. Which one
is that?

On Sat, Mar 10, 2012 at 7:57 AM, krzf83@gmail.com <krzf83@gmail.com> wrote:
> Why does ltree require superuser privledge? Is it dangerous and allow

CREATE EXTENSION must be run by superusers only.

> circumventing server security? No mention of this in manual so it is

There is a mention here http://www.postgresql.org/docs/9.1/static/contrib.html

> either documentation problem or a too strict check problem. Which one
> is that?
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general



--
Sergey Konoplev

Blog: http://gray-hemp.blogspot.com
LinkedIn: http://ru.linkedin.com/in/grayhemp
JID/GTalk: gray.ru@gmail.com Skype: gray-hemp

Ok, but can someone comment, document something on security of
installing extensions for normal users? Does allowing access to
extension provides a way to circumvent security model? If not why
can't it be allowed for user installations (provided that extension
was previously allowed in some conf file)?

On Wed, Mar 14, 2012 at 9:28 PM, krzf83@gmail.com <krzf83@gmail.com> wrote:
> Ok, but can someone comment, document something on security of
> installing extensions for normal users? Does allowing access to
> extension provides a way to circumvent security model? If not why
> can't it be allowed for user installations (provided that extension
> was previously allowed in some conf file)?
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general

Extensions can be written in C, to me that seems like enough reason...

Year has passed and still no answer here or in documentation. I wonder
if I get to live that long so I can find out answer.

On 02/11/2013 03:15 PM, krzf83@gmail.com wrote:
> Year has passed and still no answer here or in documentation. I wonder
> if I get to live that long so I can find out answer.

As far as I know your question was answered previously. ltree uses C
functions and they need to be installed by a superuser as they could  be
a security risk.

>
>


--
Adrian Klaver
adrian.klaver@gmail.com

On 2/11/2013 3:15 PM, krzf83@gmail.com wrote:
> Year has passed and still no answer here or in documentation. I wonder
> if I get to live that long so I can find out answer.

answer to what question?

this message didn't thread onto anything in my list history (goes back
3-4 months), and your subject is simply a quote of an error message.
the error message seems self-explanatory.



--
john r pierce                                      37N 122W
somewhere on the middle of the left coast

krzf83@gmail.com  escribi=F3:
> Year has passed and still no answer here or in documentation. I wonder
> if I get to live that long so I can find out answer.

The question was:

> Ok, but can someone comment, document something on security of
> installing extensions for normal users? Does allowing access to
> extension provides a way to circumvent security model? If not why
> can't it be allowed for user installations (provided that extension
> was previously allowed in some conf file)?

I see you got some answers, but they weren't fully correct.  Really,
CREATE EXTENSION can be run by any user, no special privileges
necessary; but all commands inside the extension script will go through
the normal privilege checks, so if you're not superuser you will not be
able to install extensions that try to install C-language functions, for
example.  The documentation for CREATE EXTENSION does say this, so I'm
not sure what else you want.  Quoth that page:

    Loading an extension requires the same privileges that would be required=
 to
    create its component objects. For most extensions this means superuser o=
r
    database owner privileges are needed. The user who runs CREATE EXTENSION
    becomes the owner of the extension for purposes of later privilege check=
s, as
    well as the owner of any objects created by the extension's script.
http://www.postgresql.org/docs/current/static/sql-createextension.html

What we don't yet have is something that was proposed some time ago: the
possibility of "whitelisting" extensions so that any database owner
is able to install it regardless of privileges.

--=20
=C1lvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services