Re: Feature Request on Extensions

From: Hannu Krosing <hannu(at)2ndQuadrant(dot)com>
To: Steven Citron-Pousty <spousty(at)redhat(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, "shifters(at)redhat(dot)com shifters" <shifters(at)redhat(dot)com>, Matthew Hicks <mhicks(at)redhat(dot)com>, Hirotsugu Asari <hasari(at)redhat(dot)com>, Adam Miller <admiller(at)redhat(dot)com>
Subject: Re: Feature Request on Extensions
Date: 2013-08-18 09:36:51
Message-ID: 521095B3.80107@2ndQuadrant.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 08/17/2013 11:53 PM, Steven Citron-Pousty wrote:
> Greetings all:
> I spoke to Josh B and company at OSCON about a feature we really need
> for PostgreSQL extensions on OpenShift (Red Hat's Platform as a
> Service).
>
> What we need is the ability for Postgresql to load extensions from a
> users file space.
There were objections earlier against loading anything "binary" from
a directory not being writable by root only.

But allowing loading modules from the directory of the user the server
runs as (usually postgres, but could be any system user other than root)
seems like a really good idea.

I can not see how this would create any additional security problems,
as the user can already do anything that user can do. adding postgresql
binary in this mix running as the same user can not possibly add any
new security concerns.

If anybody can point out something I overlook here, please do so!

Cheers

--
Hannu Krosing
PostgreSQL Consultant
Performance, Scalability and High Availability
2ndQuadrant Nordic OÜ

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Stefan Kaltenbrunner 2013-08-18 11:05:04 CREATE FUNCTION .. SET vs. pg_dump
Previous Message Nicolas Barbier 2013-08-18 08:22:00 Re: Chinese in Postgres