> What’s the disadvantage, exactly? Sure, an attacker could stick a new > directory in the wild-carded path and it will suddenly be available, but they > can also just stick a dynamic library in any directory in a > dynamic_library_path and it’ll be available. How is a wild carded directory > worse than the current wildcarding, essentially, of DSOs and control files?
My main concern is observability: if you have a single directory, or a list of directories, it is clearly visible, it is relatively easy to argue about who can create files where. When we start adding wildcards anywhere on the path, and we can also have symlinks anywhere, it gets more difficult. Providing admins a way to see the currently active paths, and also possibly making it fixed between config reloads could mitigate most of that.
