From: | Jeremy Drake <pgsql(at)jdrake(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] unprivileged contrib and pl install |
Date: | 2007-01-25 01:04:19 |
Message-ID: | Pine.BSO.4.64.0701241659030.23712@resin.csoft.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
On Wed, 24 Jan 2007, Tom Lane wrote:
> Not the DB owner. If you are worried about whether to allow use of PLs
> it's almost certainly an installation-wide security concern, so I'd say
> that the privilege has to flow from a superuser.
>
> GRANT CREATE ON LANGUAGE feeding into a flag bit in pltemplate would
> work, if restricted to superusers, but I suspect people would find this
> confusing because it'd work completely differently from GRANT USAGE ON
> LANGUAGE (eg, because the latter has only database-local effects).
> Might be better to use a different syntax.
I had thought that it would be database-local, but I understand now that
it makes more sense to be global.
>
> Note I'm not arguing against allowing it to be "on" by default, I just
> want to be sure there is a way for paranoid DBAs to turn it off. Maybe
> it'd be sufficient if the flag bit was there but "UPDATE pg_pltemplate"
> was the only way to manipulate it --- we've gotten along with treating
> datistemplate and datallowconn that way.
That sounds reasonable to me. I'll try to put together a patch like this
(adding a boolean column to pg_pltemplate) and see if this is acceptable.
I assume that only superusers can modify pg_pltemplate already ;)
> Or we could go the full nine yards and add ACLs to pltemplate, but
> that's probably overkill.
Agreed.
--
He thought he saw an albatross
That fluttered 'round the lamp.
He looked again and saw it was
A penny postage stamp.
"You'd best be getting home," he said,
"The nights are rather damp."
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2007-01-25 01:19:50 | Re: [pgsql-patches] unprivileged contrib and pl install (formerly tsearch |
Previous Message | Tom Lane | 2007-01-25 00:50:58 | Re: [HACKERS] unprivileged contrib and pl install (formerly tsearch |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2007-01-25 01:19:50 | Re: [pgsql-patches] unprivileged contrib and pl install (formerly tsearch |
Previous Message | Tom Lane | 2007-01-25 00:50:58 | Re: [HACKERS] unprivileged contrib and pl install (formerly tsearch |