On 2013-06-10 10:39:48 -0400, Tom Lane wrote: > Andres Freund <and...@2ndquadrant.com> writes: > > On 2013-06-10 10:13:45 -0400, Tom Lane wrote: > >> More generally, it seems pretty insane to me to want to configure a > >> "trusted" PG installation so that it can load C code from an untrusted > >> place. The trust level cannot be any higher than the weakest link. > >> Thus, I don't see a scenario in which any packager would ship binaries > >> using such an option, even if it existed. > > > I fail to see the logic here. > > You are confusing location in the filesystem with permissions. Assuming > that a sysadmin wants to allow, say, the postgres DBA to install random > extensions, all he has to do is adjust the permissions on the .../extension > directory to allow that (or not). Putting the extension directory > somewhere else doesn't change that meaningfully, it just makes things > more confusing and hence error-prone.
That's different because that a) effects all clusters on the machine and b) will get reversed by package management on the next update. > In any case, no packager is going to ship an insecure-by-default > configuration, which is what Dimitri seems to be fantasizing would > happen. It would have to be local option to relax the permissions > on the directory, no matter where it is. *I* don't want that at all. All I'd like to have is a postgresql.conf option specifying additional locations. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
