Re: Make bloom extension trusted, but can not drop with normal user

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: Make bloom extension trusted, but can not drop with normal user
Дата
Msg-id CAKFQuwYodTMYx45rUkN7BFSNVOaNnhO+kMojspkz_yYo=m0pLg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Make bloom extension trusted, but can not drop with normal user  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: Make bloom extension trusted, but can not drop with normal user  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: Make bloom extension trusted, but can not drop with normal user  (Adrian Klaver <adrian.klaver@aklaver.com>)
Список pgsql-general
Дерево обсуждения
On Fri, Aug 20, 2021 at 6:26 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
"Li EF Zhang" <bjzhangl@cn.ibm.com> writes:
> Since pg13 support trusted extension, so I changed control file of bloom and make it trusted.

The fact that you can edit the file that way doesn't make it a supported
case.


Why does that matter here though?  This isn't a question about a security violation, it's one about the basic premise that a trusted extension is owned by the creating user and thus can be dropped by them.  During installation, a trusted user is permitted to perform superuser actions by virtue of the trusted flag.  Since they are allowed to drop their own extension it is at least plausible to assume that upon doing so the dropping would be done as a superuser as well.  That this is not the case doesn't seem to be documented nor, going from the commit message for the feature, does it seem intentional.

David J.

В списке pgsql-general по дате отправления:

Предыдущее
От: "David G. Johnston"
Дата:
Сообщение: Re: Make bloom extension trusted, but can not drop with normal user
Следующее
От: Tom Lane
Дата:
Сообщение: Re: Make bloom extension trusted, but can not drop with normal user