Re: [PATCH] New predefined role pg_manage_extensions
Jelte Fennema-Nio <postgres@jeltef.nl>
From: Jelte Fennema-Nio <postgres@jeltef.nl>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Michael Banck <mbanck@gmx.net>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-03-07T14:02:15Z
Lists: pgsql-hackers
On Fri, 7 Mar 2025 at 14:58, Robert Haas <robertmhaas@gmail.com> wrote: > I see that Jelte walked this comment back, but I think this issue > needs more discussion. I'm not intrinsically against having a role > like pg_execute_server_programs that allows escalation to superuser, > but I don't see how it would help a cloud provider whose goal is to > NOT allow administrators to escalate to superuser. > > What am I missing? The reason why I walked back my comment was that cloud providers can simply choose which extensions they actually add to the image. If an extension is marked as not trusted by the author, then with this role they can still choose to add it without having to make changes to the control file if they think it's "secure enough".
Commits
-
Apply quotes more consistently to GUC names in logs
- 8d9978a7176a 17.0 cited