[postgis-devel] PSC Vote - Mark postgis, postgis_topology, address_standardizer as trusted

Paul Ramsey pramsey at cleverelephant.ca
Mon Mar 8 07:53:09 PST 2021


I concur, this does not seem like a simple thing to me, and among the things that are impossible w/o catalogue trickery are splitting extensions into two during upgrade. One of the things I have been contemplating is pulling s2 in to support more geodetic operations and the Dependency Gods might prefer that to be split into postgis and postgis_geography. Doing that without unpackage/repackage would require some core magic.

P.

> On Mar 8, 2021, at 5:44 AM, Darafei Komяpa Praliaskouski <me at komzpa.net> wrote:
> 
> 
> 
> On Mon, Mar 8, 2021 at 4:27 PM Christoph Berg <myon at debian.org> wrote:
> Re: Raúl Marín
> > Are there any requirements to be a "trusted extension"? As in DO and DON'T
> > we should take into account during development in the future? I couldn't
> > find anything in Postgresql docs.
> 
> There must not be any functions that you wouldn't want an untrusted
> user to execute, like modify system catalogs, or read/write directly
> from/to the filesystem. Extension install/upgrade scripts need to be
> secure against search_path attacks and similar.
> 
> https://www.postgresql.org/docs/13/extend-extensions.html#EXTEND-EXTENSIONS-SECURITY
> 
> 
> so, -1 as simple marking of extension.
> 
> +1 on below plan:
> 
> Our upgrade mechanism is not compliant with this. We need to drop upgrades from unpackaged to be marked as trusted at the very least.
> 
> So the plan to mark postgis trusted will be at least:
> 
>  - Announce that 3.2 is the last version to support upgrades from non-extension.
>  - Harden upgrades from earlier versions so that there is no chance to sneak in a function.
>  - Alternatively: forbid non-superuser to upgrade from pre-3.2.
>  - Get rid of all catalog trickery (needs core postgres team support to put all the ALTERs in place).
>  - Release 3.2.
>  - Really get rid of all catalog trickery (needs PG14+ as we don't have all ALTERs in place yet in PG13).
>  - Mark extension as trusted.
>  - Release 3.3.
> 
>  
> 
> -- 
> Darafei "Komяpa" Praliaskouski
> OSM BY Team - http://openstreetmap.by/
> _______________________________________________
> postgis-devel mailing list
> postgis-devel at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/postgis-devel
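As an added illustration of the two conditions Christoph quotes from the PostgreSQL docs (no functions an untrusted user should not be able to run, and install scripts that are safe against search_path attacks), here is a constructed extension install script. It is not PostGIS code or anything from this thread; the extension name demo_geo, its schema, and the functions circle_area and buffer_area are hypothetical.

```sql
-- demo_geo--1.0.sql: install script for a hypothetical extension "demo_geo"
-- (constructed for this example; not PostGIS code). Its control file would
-- declare: default_version = '1.0', relocatable = false, schema = demo_geo,
-- trusted = true. Because a trusted extension is installed by non-superusers,
-- every object it creates must be safe for an untrusted caller, and no name in
-- the script may be resolved through a schema such a caller can write to.

\echo Use "CREATE EXTENSION demo_geo" to load this file. \quit

-- Unsafe pattern (kept only as a comment for comparison): unqualified names
-- inside a SECURITY DEFINER body with no search_path pinned. At call time
-- "circle_area" and even the "*" operator are looked up along the CALLER's
-- search_path, so a same-named object in a schema the caller controls would
-- run with the function owner's privileges.
--
-- CREATE FUNCTION buffer_area(r double precision) RETURNS double precision
--   LANGUAGE sql SECURITY DEFINER
--   AS $$ SELECT circle_area(r) $$;

-- Hardened helper: runs as the caller (no SECURITY DEFINER) and still pins
-- search_path so the built-in pi() and the "*" operator come from pg_catalog;
-- pg_temp is listed last so temporary objects cannot shadow anything.
CREATE FUNCTION circle_area(r double precision) RETURNS double precision
  LANGUAGE sql IMMUTABLE STRICT PARALLEL SAFE
  SET search_path = pg_catalog, pg_temp
  AS $$ SELECT pg_catalog.pi() * r * r $$;

-- Hardened SECURITY DEFINER wrapper: search_path pinned on the function and
-- the extension-internal reference qualified with @extschema@, which
-- CREATE EXTENSION substitutes with the extension's schema (here demo_geo).
CREATE FUNCTION buffer_area(r double precision) RETURNS double precision
  LANGUAGE sql SECURITY DEFINER
  SET search_path = pg_catalog, pg_temp
  AS $$ SELECT @extschema@.circle_area(r) $$;

-- Nothing above touches system catalogs or the filesystem (no COPY TO/FROM
-- a file, no pg_read_file, no UPDATE of pg_catalog tables), which is the
-- other condition quoted in the thread.

-- Separate audit query (run by a DBA in psql, not part of the install
-- script): lists SECURITY DEFINER functions that belong to any extension and
-- do not pin search_path, i.e. instances of the unsafe pattern above.
SELECT p.oid::regprocedure AS function, e.extname
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_depend d
  ON d.classid = 'pg_catalog.pg_proc'::regclass AND d.objid = p.oid
 AND d.refclassid = 'pg_catalog.pg_extension'::regclass AND d.deptype = 'e'
JOIN pg_catalog.pg_extension e ON e.oid = d.refobjid
WHERE p.prosecdef
  AND NOT EXISTS (SELECT 1 FROM pg_catalog.unnest(p.proconfig) cfg
                  WHERE cfg LIKE 'search_path=%');
```

The audit query is the check a reviewer can run against an installed extension before anyone flips `trusted = true`: any row it returns is a function that runs with its owner's privileges while resolving names through whatever search_path the caller supplies.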
