Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] unprivileged contrib and pl install (formerly tsearch

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jeremy Drake <pgsql(at)jdrake(dot)com>
Cc: Martijn van Oosterhout <kleptog(at)svana(dot)org>, Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: [HACKERS] unprivileged contrib and pl install (formerly tsearch
Date: 2007-01-25 00:50:58
Message-ID: 12494.1169686258@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Jeremy Drake <pgsql(at)jdrake(dot)com> writes:
> On Wed, 24 Jan 2007, Tom Lane wrote:
>> that there really needs to be *some* sort of privilege check here.
>> What that is and how to implement it are the hard parts.

> So I guess it depends on what you mean by "DBA".  Perhaps the database
> owner?  Or some new privilege type (GRANT CREATE ON LANGUAGE ...? Or GRANT
> CREATE LANGUAGE ON DATABASE...?) that the db owner has by default?

Not the DB owner.  If you are worried about whether to allow use of PLs
it's almost certainly an installation-wide security concern, so I'd say
that the privilege has to flow from a superuser.

GRANT CREATE ON LANGUAGE feeding into a flag bit in pltemplate would
work, if restricted to superusers, but I suspect people would find this
confusing because it'd work completely differently from GRANT USAGE ON
LANGUAGE (eg, because the latter has only database-local effects).
Might be better to use a different syntax.

Note I'm not arguing against allowing it to be "on" by default, I just
want to be sure there is a way for paranoid DBAs to turn it off.  Maybe
it'd be sufficient if the flag bit was there but "UPDATE pg_pltemplate"
was the only way to manipulate it --- we've gotten along with treating
datistemplate and datallowconn that way.

Or we could go the full nine yards and add ACLs to pltemplate, but
that's probably overkill.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Jeremy DrakeDate: 2007-01-25 01:04:19
Subject: Re: [HACKERS] unprivileged contrib and pl install
Previous:From: Jeremy DrakeDate: 2007-01-25 00:37:43
Subject: Re: [HACKERS] unprivileged contrib and pl install

pgsql-patches by date

Next:From: Jeremy DrakeDate: 2007-01-25 01:04:19
Subject: Re: [HACKERS] unprivileged contrib and pl install
Previous:From: Jeremy DrakeDate: 2007-01-25 00:37:43
Subject: Re: [HACKERS] unprivileged contrib and pl install

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group