Tom Lane wrote:
This is actually in direct contradiction to the original intent of the plugins/ subdirectory, which was that it only contain libraries that the local administrator had decided to consider safe and put there manually. Since the normal superuser-only restrictions for library loading are bypassed for stuff in plugins/, there's a nontrivial risk of security problems if stuff just gets put there willy-nilly.
By what process or criteria is a local administrator supposed to evaluate whether a module is safe? (I could make up one, but does one exist now?)
Moreover, this mechanism appears to be pretty evil towards packaging systems. You don't really want to make administrators move files around that are under package manager control. A system table or variable that lists safe modules would be friendlier, iff you really want to have this under local administrator control.
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
