Re: Configurable location for extension .control files

On 2013-06-10 10:39:48 -0400, Tom Lane wrote:
> Andres Freund <andres@2ndquadrant.com> writes:
> > On 2013-06-10 10:13:45 -0400, Tom Lane wrote:
> >> More generally, it seems pretty insane to me to want to configure a
> >> "trusted" PG installation so that it can load C code from an untrusted
> >> place.  The trust level cannot be any higher than the weakest link.
> >> Thus, I don't see a scenario in which any packager would ship binaries
> >> using such an option, even if it existed.
> 
> > I fail to see the logic here.
> 
> You are confusing location in the filesystem with permissions.  Assuming
> that a sysadmin wants to allow, say, the postgres DBA to install random
> extensions, all he has to do is adjust the permissions on the .../extension
> directory to allow that (or not).  Putting the extension directory
> somewhere else doesn't change that meaningfully, it just makes things
> more confusing and hence error-prone.

That's different because that a) effects all clusters on the machine and
b) will get reversed by package management on the next update.

> In any case, no packager is going to ship an insecure-by-default
> configuration, which is what Dimitri seems to be fantasizing would
> happen.  It would have to be local option to relax the permissions
> on the directory, no matter where it is.

*I* don't want that at all. All I'd like to have is a postgresql.confoption specifying additional locations.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services