Skip site navigation (1) Skip section navigation (2)

Re: why local_preload_libraries does require a separate directory ?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Tomas Vondra <tv(at)fuzzy(dot)cz>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: why local_preload_libraries does require a separate directory ?
Date: 2011-12-03 17:53:19
Message-ID: 17337.1322934799@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Tomas Vondra <tv(at)fuzzy(dot)cz> writes:
> why the libraries loaded using local_preload_libraries need to be placed
> in a different subdirectory than libraries loaded using
> shared_preload_libraries?

Security: it lets the DBA constrain which libraries are loadable this way.

> I do understand that leaving the users to load whatever libraries they
> want is a bad idea, but when the library is loaded from postgresql.conf
> it should be safe.

We don't have a mechanism that would allow different limitations to be
placed on a GUC variable depending on where the value came from.
To do what you're proposing would require restricting
local_preload_libraries to be superuser-only, which would be a net
decrease in functionality.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Andres FreundDate: 2011-12-03 18:17:14
Subject: Re: Command Triggers
Previous:From: Peter EisentrautDate: 2011-12-03 17:27:32
Subject: Re: psql line number reporting from stdin

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group