Re: RFC: Additional Directory for Extensions

From: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To: "David E(dot) Wheeler" <david(at)justatheory(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: RFC: Additional Directory for Extensions
Date: 2024-04-03 07:13:01
Message-ID: 202404030713.4tjlen4bkpla@alvherre.pgsql
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 2024-Apr-02, David E. Wheeler wrote:

> That quotation comes from this Debian patch[2] maintained by Christoph
> Berg. I’d like to formally propose integrating this patch into the
> core. And not only because it’s overhead for package maintainers like
> Christoph, but because a number of use cases have emerged since we
> originally discussed something like this back in 2013[3]:

I support the idea of there being a second location from where to load
shared libraries ... but I don't like the idea of making it
runtime-configurable. If we want to continue to tighten up what
superuser can do, then one of the things that has to go away is the
ability to load shared libraries from arbitrary locations
(dynamic_library_path). I think we should instead look at making those
locations hardcoded at compile time. The packager can then decide where
those things go, and the superuser no longer has the ability to load
arbitrary code from arbitrary locations.

--
Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/
Al principio era UNIX, y UNIX habló y dijo: "Hello world\n".
No dijo "Hello New Jersey\n", ni "Hello USA\n".

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message jian he 2024-04-03 07:15:57 Re: remaining sql/json patches
Previous Message Alvaro Herrera 2024-04-03 06:58:41 Re: [HACKERS] make async slave to wait for lsn to be replayed