Andres Freund <and...@2ndquadrant.com> writes: > On 2013-06-10 10:13:45 -0400, Tom Lane wrote: >> More generally, it seems pretty insane to me to want to configure a >> "trusted" PG installation so that it can load C code from an untrusted >> place. The trust level cannot be any higher than the weakest link. >> Thus, I don't see a scenario in which any packager would ship binaries >> using such an option, even if it existed.
> I fail to see the logic here. You are confusing location in the filesystem with permissions. Assuming that a sysadmin wants to allow, say, the postgres DBA to install random extensions, all he has to do is adjust the permissions on the .../extension directory to allow that (or not). Putting the extension directory somewhere else doesn't change that meaningfully, it just makes things more confusing and hence error-prone. In any case, no packager is going to ship an insecure-by-default configuration, which is what Dimitri seems to be fantasizing would happen. It would have to be local option to relax the permissions on the directory, no matter where it is. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers