
Re: Re: permission denied to create extension "ltree" Must be superuser to create this extension.


krzf83@xxxxxxxxx wrote:
> A year has passed and still no answer here or in the documentation. I wonder
> if I get to live that long so I can find out the answer.

The question was:

> Ok, but can someone comment, document something on the security of
> installing extensions for normal users? Does allowing access to an
> extension provide a way to circumvent the security model? If not, why
> can't it be allowed for user installations (provided that the extension
> was previously allowed in some conf file)?

I see you got some answers, but they weren't fully correct.  Really,
CREATE EXTENSION can be run by any user, no special privileges
necessary; but all commands inside the extension script will go through
the normal privilege checks, so if you're not superuser you will not be
able to install extensions that try to install C-language functions, for
example.  The documentation for CREATE EXTENSION does say this, so I'm
not sure what else you want.  Quoth that page:

	Loading an extension requires the same privileges that would be required to
	create its component objects. For most extensions this means superuser or
	database owner privileges are needed. The user who runs CREATE EXTENSION
	becomes the owner of the extension for purposes of later privilege checks, as
	well as the owner of any objects created by the extension's script.
http://www.postgresql.org/docs/current/static/sql-createextension.html

What we don't yet have is something that was proposed some time ago: the
possibility of "whitelisting" extensions so that any database owner
is able to install them regardless of privileges.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
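
An added example, not part of the original message: two read-only catalog queries an administrator can run to see how the privilege checks discussed above apply on a given server. They use only the standard system catalogs; the column aliases are chosen here for readability.

```sql
-- Added example: audit queries against the standard PostgreSQL catalogs.

-- 1. For every extension available on this server, show the "superuser"
--    flag declared by its control file and whether a version is installed.
SELECT name,
       version,
       superuser,
       installed
FROM   pg_available_extension_versions
ORDER  BY name, version;

-- 2. For every installed extension, count the member functions written in
--    an untrusted language (lanpltrusted = false, e.g. "c" or "internal").
--    Creating such functions is what fails the normal privilege checks for
--    a non-superuser, so these are the extensions a plain database owner
--    could not have installed through the script alone.
SELECT e.extname,
       r.rolname   AS extension_owner,
       r.rolsuper  AS owner_is_superuser,
       l.lanname   AS language,
       count(*)    AS untrusted_functions
FROM   pg_extension e
JOIN   pg_roles     r ON r.oid = e.extowner
JOIN   pg_depend    d ON d.refclassid = 'pg_extension'::regclass
                     AND d.refobjid   = e.oid
                     AND d.classid    = 'pg_proc'::regclass
                     AND d.deptype    = 'e'      -- object is an extension member
JOIN   pg_proc      p ON p.oid = d.objid
JOIN   pg_language  l ON l.oid = p.prolang
WHERE  NOT l.lanpltrusted
GROUP  BY e.extname, r.rolname, r.rolsuper, l.lanname
ORDER  BY e.extname, l.lanname;
```

An extension that does not appear in the second result installs no functions in untrusted languages; its script may still create other objects that are subject to their own privilege checks.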
