Re: Marking some contrib modules as trusted extensions

Поиск
Список
Период
Сортировка
От Andres Freund
Тема Re: Marking some contrib modules as trusted extensions
Дата
Msg-id 20200213233015.r6rnubcvl4egdh5r@alap3.anarazel.de
обсуждение исходный текст
Ответ на Marking some contrib modules as trusted extensions  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: Marking some contrib modules as trusted extensions  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-hackers
Дерево обсуждения 
Hi,

On 2020-01-29 14:41:16 -0500, Tom Lane wrote:
> pgcrypto

FWIW, given the code quality, I'm doubtful about putting itq into the trusted
section.


Have you audited how safe the create/upgrade scripts are against being
used to elevate privileges?

Especially with FROM UNPACKAGED it seems like it'd be fairly easy to get
an extension script to do dangerous things (as superuser). One could
just create pre-existing objects that have *not* been created by a
previous version, and some upgrade scripts would do pretty weird
stuff. There's several that do things like updating catalogs directly
etc.  It seems to me that FROM UNPACKAGED shouldn't support trusted.

Regards,

Andres Freund

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Extension ownership and misuse of SET ROLE/SET SESSION AUTHORIZATION
Следующее
От: Justin Pryzby
Дата:
Сообщение: Re: error context for vacuum to include block number