[PostGIS] #5567: Mark PostGIS extensions as trusted ( PG13+ )
PostGIS
trac at osgeo.org
Fri Jan 19 17:03:57 PST 2024
#5567: Mark PostGIS extensions as trusted ( PG13+ )
--------------------------+---------------------------
Reporter: strk | Owner: strk
Type: enhancement | Status: new
Priority: medium | Milestone: PostGIS 3.5.0
Component: postgis | Version: master
Resolution: | Keywords:
--------------------------+---------------------------
Comment (by rouault):
https://www.postgresql.org/docs/13/extend-extensions.html mentions
"Generally, this should not be set true for extensions that could allow
access to otherwise-superuser-only abilities, such as file system access."
So obviously you don't want postgis_raster to be trusted (at least when
out_db support is enabled). But even regular postgis can access files like
using ST_Transform() with a PROJ.4 string using +nadgrids=/some/path .
ST_TransformPipeline() can also use various PROJ operations that load
grids or JSON files.
--
Ticket URL: <https://trac.osgeo.org/postgis/ticket/5567#comment:6>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.
More information about the postgis-tickets
mailing list