Re: [PATCH] New predefined role pg_manage_extensions
Shinya Kato <shinya11.kato@gmail.com>
From: Shinya Kato <shinya11.kato@gmail.com>
To: Michael Banck <mbanck@gmx.net>
Cc: Kirill Reshke <reshkekirill@gmail.com>,
Jelte Fennema-Nio <postgres@jeltef.nl>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-01-16T07:09:44Z
Lists: pgsql-hackers
On Thu, Jan 16, 2025 at 3:31 PM Michael Banck <mbanck@gmx.net> wrote: I agree with this idea. I think it is natural to delegate a part of superuser privileges to another role because superuser privilege is too strong. > > In general, this concept is rather dubious. Why should we have such a > > dangerous pre-defined role? > > Well, I would say pg_execute_server_program could be regarded as a > precedent. Exactly. pg_execute_server_program can escalate to superuser privileges, so pg_manage_extensions is not the only dangerous pre-defined role. > I do think having a whitelist of allowed-to-be-installed extensions > (similar/like https://github.com/dimitri/pgextwlist) makes sense > additionally in today's container/cloud word where the local Postgres > admin might not have control over which packages get installed but wants > to have control over which extension the application admins (or whoever) > may create, but that is another topic I think. To use a certain extension, you may need to install the postgresql-contrib package. In that case, is there a way to restrict extensions other than the required one? Or is it unnecessary to impose such restrictions? Regards, Shinya Kato
Commits
-
Apply quotes more consistently to GUC names in logs
- 8d9978a7176a 17.0 cited