Re: Security lessons from liblzma

On Apr 1, 2024, at 06:55, walther(at)technowledgy(dot)de wrote:

> Also a configurable directoy to look up extensions, possibly even to be changed at run-time like [2]. The patch says this:
>
>> This directory is prepended to paths when loading extensions (control and SQL files), and to the '$libdir' directive when loading modules that back functions. The location is made configurable to allow build-time testing of extensions that do not have been installed to their proper location yet.
>
> This seems like a great thing to have. This might also be relevant in light of recent discussions in the ecosystem around extension management.
>
> All the path-related issues have in common, that while it's easy to move files around to their proper locations later, they all need to adjust pg_config's output.

Funny timing, I was planning to resurrect this old patch[1] and propose that patch this week. One of motivators is the increasing use of Docker images in Kubernetes to run Postgres, where there’s a desire to keep the core service and extensions immutable, and to have a second directory mounted to a persistent volume into which other extensions can be installed and preserved independently of the Docker image.

The current approach involves symlinking shenanigans[2] that complicate things pretty substantially, making it more difficult to administer. A second directory fit for purpose would be far better.

There are some other motivators, so I’ll do some additional diligence and start a separate thread (or reply to the original[3]).

Best,

David

[1] https://commitfest.postgresql.org/5/170/
[2] https://speakerdeck.com/ongres/postgres-extensions-in-kubernetes?slide=14
[3] https://www.postgresql.org/message-id/flat/51AE0845.8010600%40ocharles.org.uk