Re: Where to load modules from?

On 2013-09-14 22:15:58 +0200, Dimitri Fontaine wrote:
> The way they make that safe is by using cgroups and SELinux, IIUC.
>
> We can attack the problem in several ways:
>
>   - have an initdb switch to tweak the library path per cluster,

That sounds like an utterly horrible idea without any advantages.

>   - have a superuser-only GUC to tweak the library path,

Hm. I think we might want to make it a PGC_POSTMASTER/postgresql.conf
variable instead. Is that stopping usecases of yours?

That's what I vote for.

>   - consider on-disk extension as templates and move their module files
>     somewhere private in $PGDATA and load the code from there

I don't understand what that does to address the security concerns.

>     That would allow OS upgrades not to impact running instances until
>     they do ALTER EXTENSION UPDATE; and allowing co-existence of
>     different versions of the same extension in different clusters of
>     the same major version, and maybe in separate databases of the same
>     cluster in some cases (depends on the extension's module specifics),

And it would be an upgrade nightmare.

> This proposal comes with no patch because I think we are able to
> understand it without that, so that it would only be a waste of
> everybody's time to attach code for a random solution on the list here
> to that email. Or consider that the fourth point is currently the only
> one addressed in this very proposal…

Yea, the code issue seem to be small here.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services