On 8/24/21 7:40 AM, David G. Johnston wrote:
On Fri, Aug 20, 2021 at 6:26 AM Tom Lane <tgl@xxxxxxxxxxxxx
<mailto:tgl@xxxxxxxxxxxxx>> wrote:
"Li EF Zhang" <bjzhangl@xxxxxxxxxx <mailto:bjzhangl@xxxxxxxxxx>> writes:
> Since pg13 support trusted extension, so I changed control file
of bloom and make it trusted.
The fact that you can edit the file that way doesn't make it a supported
case.
Why does that matter here though? This isn't a question about a
security violation, it's one about the basic premise that a trusted
extension is owned by the creating user and thus can be dropped by
them. During installation, a trusted user is permitted to perform
superuser actions by virtue of the trusted flag. Since they are allowed
to drop their own extension it is at least plausible to assume that upon
doing so the dropping would be done as a superuser as well. That this
is not the case doesn't seem to be documented nor, going from the commit
message for the feature, does it seem intentional.
To me the issue is that the extension was modified to trusted by an end
user not the extension author. I gotta believe there is more to the
trusted then a flag in the control file. It would not be surprising to
me that an ad hoc modification would fail.
David J.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
