| From: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: glob support in extension_control_path/dynamic_library_path? |
| Date: | 2026-06-25 17:38:50 |
| Message-ID: | CAN4CZFMsqRGZ=P-axY_LeeLyRNvj9R6GPF1skL=SjEtB=bJyhQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> What’s the disadvantage, exactly? Sure, an attacker could stick a new directory in the wild-carded path and it will suddenly be available, but they can also just stick a dynamic library in any directory in a dynamic_library_path and it’ll be available. How is a wild carded directory worse than the current wildcarding, essentially, of DSOs and control files?
My main concern is observability: if you have a single directory, or a
list of directories, it is clearly visible, it is relatively easy to
argue about who can create files where. When we start adding wildcards
anywhere on the path, and we can also have symlinks anywhere, it gets
more difficult.
Providing admins a way to see the currently active paths, and also
possibly making it fixed between config reloads could mitigate most of
that.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sami Imseih | 2026-06-25 17:38:56 | Re: [PATCH] COPY TO FORMAT json: respect column list order |
| Previous Message | Jeff Davis | 2026-06-25 17:38:40 | Re: Small patch to improve safety of utf8_to_unicode(). |