Thread: Re: Can not ALTER TEXT SEARCH DICTIONARY intdict which is default in dict_int

Re: Can not ALTER TEXT SEARCH DICTIONARY intdict which is default in dict_int

From
Laurenz Albe
Date:
On Tue, 2021-08-24 at 06:21 +0000, Li EF Zhang wrote:
> dict_int is trusted extension in pg13. After creating dict_int extension with
> unprivileged user, ALTER TEXT SEARCH DICTIONARY intdict ((MAXLEN = 7) failed.
>  
> admin=> ALTER TEXT SEARCH DICTIONARY intdict (MAXLEN = 7);
> ERROR:  must be owner of text search dictionary intdict
>  
> This is by design or a bug? Thanks!

You must be the owner of an object to ALTER it.  That is working as designed.

It is a bad idea to ALTER an object that belongs to an extension.
The next ALTER EXTENSION ... UPDATE may undo the change or fail.

Create your own dictionary with the same template.

Yours,
Laurenz Albe
-- 
Cybertec | https://www.cybertec-postgresql.com




Re: Can not ALTER TEXT SEARCH DICTIONARY intdict which is default in dict_int

From
"David G. Johnston"
Date:
On Tue, Aug 24, 2021 at 8:51 PM Li EF Zhang <bjzhangl@cn.ibm.com> wrote:
Thanks for your answer. My doubt is that since an ordinary user creates the extension, shouldn't be this user the owner of the objects created within the extension?

While that is a possible implementation choice, that isn't what was chosen.


"This configuration gives the calling user the right to drop the extension, but not to modify individual objects within it."

"trust" just solves the "lets not require an actual superuser to install a superuser requiring extension" problem, if that extension is deemed safe to use in that manner by its author.

David J.

"David G. Johnston" <david.g.johnston@gmail.com> writes:
> On Tue, Aug 24, 2021 at 8:51 PM Li EF Zhang <bjzhangl@cn.ibm.com> wrote:
>> Thanks for your answer. My doubt is that since an ordinary user creates
>> the extension, shouldn't be this user the owner of the objects created
>> within the extension?

> While that is a possible implementation choice, that isn't what was chosen.

Let's be clear here: that is not some random implementor's decision.
That is *necessary*, else the feature is completely insecure.

The example given at the top of the thread isn't especially
security-relevant, but there are a lot of other possible ALTER commands
that are.  For example, an ordinary user granted ownership of a
"C"-language function can easily modify it in a way that allows her to
gain full control of the installation.  So we cannot implement trusted
extensions by allowing the user requesting the install to own the
individual objects within the extension.

            regards, tom lane



Re: Can not ALTER TEXT SEARCH DICTIONARY intdict which is default in dict_int

From
"David G. Johnston"
Date:
On Tue, Aug 24, 2021 at 9:20 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
"David G. Johnston" <david.g.johnston@gmail.com> writes:
> On Tue, Aug 24, 2021 at 8:51 PM Li EF Zhang <bjzhangl@cn.ibm.com> wrote:
>> Thanks for your answer. My doubt is that since an ordinary user creates
>> the extension, shouldn't be this user the owner of the objects created
>> within the extension?

> While that is a possible implementation choice, that isn't what was chosen.

Let's be clear here: that is not some random implementor's decision.
That is *necessary*, else the feature is completely insecure.


Fair.  Additionally, an extension that wishes for ordinary users to perform limited configuration can always supply a security definer function to facilitate such a change.  Though I'm unsure how/if it would go about arranging role permissions without requiring a superuser.

David J.