Re: Make bloom extension trusted, but can not drop with normal user

On 8/24/21 7:40 AM, David G. Johnston wrote:
> On Fri, Aug 20, 2021 at 6:26 AM Tom Lane <tgl@sss.pgh.pa.us 
> <mailto:tgl@sss.pgh.pa.us>> wrote:
> 
>     "Li EF Zhang" <bjzhangl@cn.ibm.com <mailto:bjzhangl@cn.ibm.com>> writes:
>      > Since pg13 support trusted extension, so I changed control file
>     of bloom and make it trusted.
> 
>     The fact that you can edit the file that way doesn't make it a supported
>     case.
> 
> 
> Why does that matter here though?  This isn't a question about a 
> security violation, it's one about the basic premise that a trusted 
> extension is owned by the creating user and thus can be dropped by 
> them.  During installation, a trusted user is permitted to perform 
> superuser actions by virtue of the trusted flag.  Since they are allowed 
> to drop their own extension it is at least plausible to assume that upon 
> doing so the dropping would be done as a superuser as well.  That this 
> is not the case doesn't seem to be documented nor, going from the commit 
> message for the feature, does it seem intentional.

To me the issue is that the extension was modified to trusted by an end 
user not the extension author. I gotta believe there is more to the 
trusted then a flag in the control file. It would not be surprising to 
me that an ad hoc modification would fail.

> 
> David J.
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com