krz...@gmail.com escribió:
> Year has passed and still no answer here or in documentation. I wonder
> if I get to live that long so I can find out answer.
The question was:
> Ok, but can someone comment, document something on security of
> installing extensions for normal users? Does allowing access to
> extension provides a way to circumvent security model? If not why
> can't it be allowed for user installations (provided that extension
> was previously allowed in some conf file)?
I see you got some answers, but they weren't fully correct. Really,
CREATE EXTENSION can be run by any user, no special privileges
necessary; but all commands inside the extension script will go through
the normal privilege checks, so if you're not superuser you will not be
able to install extensions that try to install C-language functions, for
example. The documentation for CREATE EXTENSION does say this, so I'm
not sure what else you want. Quoth that page:
Loading an extension requires the same privileges that would be
required to
create its component objects. For most extensions this means superuser
or
database owner privileges are needed. The user who runs CREATE EXTENSION
becomes the owner of the extension for purposes of later privilege
checks, as
well as the owner of any objects created by the extension's script.
http://www.postgresql.org/docs/current/static/sql-createextension.html
What we don't yet have is something that was proposed some time ago: the
possibility of "whitelisting" extensions so that any database owner
is able to install it regardless of privileges.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
