From eb67623c965b4759a96309cdb58a17339fc5d401 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 13 Feb 2020 15:02:35 -0500 Subject: Mark some contrib modules as "trusted". This allows these modules to be installed into a database without superuser privileges (assuming that the DBA or sysadmin has installed the module's files in the expected place). You only need CREATE privilege on the current database, which by default would be available to the database owner. The following modules are marked trusted: btree_gin btree_gist citext cube dict_int earthdistance fuzzystrmatch hstore hstore_plperl intarray isn jsonb_plperl lo ltree pg_trgm pgcrypto seg tablefunc tcn tsm_system_rows tsm_system_time unaccent uuid-ossp In the future we might mark some more modules trusted, but there seems to be no debate about these, and on the whole it seems wise to be conservative with use of this feature to start out with. Discussion: https://postgr.es/m/32315.1580326876@sss.pgh.pa.us --- doc/src/sgml/btree-gin.sgml | 6 ++++++ doc/src/sgml/btree-gist.sgml | 6 ++++++ doc/src/sgml/citext.sgml | 6 ++++++ doc/src/sgml/contrib.sgml | 17 +++++++++++++---- doc/src/sgml/cube.sgml | 6 ++++++ doc/src/sgml/dict-int.sgml | 6 ++++++ doc/src/sgml/earthdistance.sgml | 6 ++++++ doc/src/sgml/fuzzystrmatch.sgml | 6 ++++++ doc/src/sgml/hstore.sgml | 11 +++++++++++ doc/src/sgml/intarray.sgml | 6 ++++++ doc/src/sgml/isn.sgml | 6 ++++++ doc/src/sgml/json.sgml | 7 +++++++ doc/src/sgml/lo.sgml | 6 ++++++ doc/src/sgml/ltree.sgml | 6 ++++++ doc/src/sgml/pgcrypto.sgml | 6 ++++++ doc/src/sgml/pgtrgm.sgml | 6 ++++++ doc/src/sgml/seg.sgml | 6 ++++++ doc/src/sgml/tablefunc.sgml | 6 ++++++ doc/src/sgml/tcn.sgml | 6 ++++++ doc/src/sgml/tsm-system-rows.sgml | 6 ++++++ doc/src/sgml/tsm-system-time.sgml | 6 ++++++ doc/src/sgml/unaccent.sgml | 6 ++++++ doc/src/sgml/uuid-ossp.sgml | 6 ++++++ 23 files changed, 151 insertions(+), 4 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/btree-gin.sgml b/doc/src/sgml/btree-gin.sgml index 314e001fefb..5bc5a054e8d 100644 --- a/doc/src/sgml/btree-gin.sgml +++ b/doc/src/sgml/btree-gin.sgml @@ -32,6 +32,12 @@ two separate indexes that would have to be combined via bitmap ANDing. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Example Usage diff --git a/doc/src/sgml/btree-gist.sgml b/doc/src/sgml/btree-gist.sgml index 774442feeee..3b61d276a38 100644 --- a/doc/src/sgml/btree-gist.sgml +++ b/doc/src/sgml/btree-gist.sgml @@ -52,6 +52,12 @@ oid, and money. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Example Usage diff --git a/doc/src/sgml/citext.sgml b/doc/src/sgml/citext.sgml index 85aa339d8ba..667824fb0b8 100644 --- a/doc/src/sgml/citext.sgml +++ b/doc/src/sgml/citext.sgml @@ -24,6 +24,12 @@ + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Rationale diff --git a/doc/src/sgml/contrib.sgml b/doc/src/sgml/contrib.sgml index b626a345f3e..08bb110b515 100644 --- a/doc/src/sgml/contrib.sgml +++ b/doc/src/sgml/contrib.sgml @@ -54,7 +54,7 @@ Many modules supply new user-defined functions, operators, or types. To make use of one of these modules, after you have installed the code you need to register the new SQL objects in the database system. - In PostgreSQL 9.1 and later, this is done by executing + This is done by executing a command. In a fresh database, you can simply do @@ -62,14 +62,23 @@ CREATE EXTENSION module_name; - This command must be run by a database superuser. This registers the - new SQL objects in the current database only, so you need to run this - command in each database that you want + This command registers the new SQL objects in the current database only, + so you need to run it in each database that you want the module's facilities to be available in. Alternatively, run it in database template1 so that the extension will be copied into subsequently-created databases by default. + + For all these modules, CREATE EXTENSION must be run + by a database superuser, unless the module is + considered trusted, in which case it can be run by any + user who has CREATE privilege on the current + database. Modules that are trusted are identified as such in the + sections that follow. Generally, trusted modules are ones that cannot + provide access to outside-the-database functionality. + + Many modules allow you to install their objects in a schema of your choice. To do that, add SCHEMA diff --git a/doc/src/sgml/cube.sgml b/doc/src/sgml/cube.sgml index c6e586270aa..71772d799fe 100644 --- a/doc/src/sgml/cube.sgml +++ b/doc/src/sgml/cube.sgml @@ -12,6 +12,12 @@ representing multidimensional cubes. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Syntax diff --git a/doc/src/sgml/dict-int.sgml b/doc/src/sgml/dict-int.sgml index c15cbd0e4d1..b556f1b4daf 100644 --- a/doc/src/sgml/dict-int.sgml +++ b/doc/src/sgml/dict-int.sgml @@ -15,6 +15,12 @@ unique words, which greatly affects the performance of searching. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Configuration diff --git a/doc/src/sgml/earthdistance.sgml b/doc/src/sgml/earthdistance.sgml index 670fc9955f7..7ca2c40e37d 100644 --- a/doc/src/sgml/earthdistance.sgml +++ b/doc/src/sgml/earthdistance.sgml @@ -23,6 +23,12 @@ project.) + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Cube-Based Earth Distances diff --git a/doc/src/sgml/fuzzystrmatch.sgml b/doc/src/sgml/fuzzystrmatch.sgml index 373ac4891df..382e54be918 100644 --- a/doc/src/sgml/fuzzystrmatch.sgml +++ b/doc/src/sgml/fuzzystrmatch.sgml @@ -20,6 +20,12 @@ + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Soundex diff --git a/doc/src/sgml/hstore.sgml b/doc/src/sgml/hstore.sgml index 94ccd1201e1..64c2477fffc 100644 --- a/doc/src/sgml/hstore.sgml +++ b/doc/src/sgml/hstore.sgml @@ -15,6 +15,12 @@ simply text strings. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + <type>hstore</type> External Representation @@ -633,6 +639,11 @@ ALTER TABLE tablename ALTER hstorecol TYPE hstore USING hstorecol || ''; convention). If you use them, hstore values are mapped to Python dictionaries. + + + Of these additional extensions, hstore_plperl is + considered trusted; the rest are not. + diff --git a/doc/src/sgml/intarray.sgml b/doc/src/sgml/intarray.sgml index b633cf36778..025cbca616e 100644 --- a/doc/src/sgml/intarray.sgml +++ b/doc/src/sgml/intarray.sgml @@ -24,6 +24,12 @@ treated as though it were a linear array in storage order. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + <filename>intarray</filename> Functions and Operators diff --git a/doc/src/sgml/isn.sgml b/doc/src/sgml/isn.sgml index 21174549eb5..6c61f14fdcd 100644 --- a/doc/src/sgml/isn.sgml +++ b/doc/src/sgml/isn.sgml @@ -21,6 +21,12 @@ dropped from a future version of this module. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Data Types diff --git a/doc/src/sgml/json.sgml b/doc/src/sgml/json.sgml index 6ff87518705..1b6aaf0a558 100644 --- a/doc/src/sgml/json.sgml +++ b/doc/src/sgml/json.sgml @@ -622,6 +622,13 @@ SELECT jdoc->'guid', jdoc->'name' FROM api WHERE jdoc @> '{"tags": ["qu use them, jsonb values are mapped to Python dictionaries, lists, and scalars, as appropriate. + + + Of these extensions, jsonb_plperl is + considered trusted, that is, it can be installed by + non-superusers who have CREATE privilege on the + current database. The rest require superuser privilege to install. + diff --git a/doc/src/sgml/lo.sgml b/doc/src/sgml/lo.sgml index cce37932ec6..0a4f2e4449a 100644 --- a/doc/src/sgml/lo.sgml +++ b/doc/src/sgml/lo.sgml @@ -13,6 +13,12 @@ and a trigger lo_manage. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Rationale diff --git a/doc/src/sgml/ltree.sgml b/doc/src/sgml/ltree.sgml index 3ddd335b8c9..b4e07f65109 100644 --- a/doc/src/sgml/ltree.sgml +++ b/doc/src/sgml/ltree.sgml @@ -13,6 +13,12 @@ Extensive facilities for searching through label trees are provided. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Definitions diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml index 0acd11ed555..cc916ff1d65 100644 --- a/doc/src/sgml/pgcrypto.sgml +++ b/doc/src/sgml/pgcrypto.sgml @@ -17,6 +17,12 @@ PostgreSQL. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + General Hashing Functions diff --git a/doc/src/sgml/pgtrgm.sgml b/doc/src/sgml/pgtrgm.sgml index 3e6fd7395fb..049f496869c 100644 --- a/doc/src/sgml/pgtrgm.sgml +++ b/doc/src/sgml/pgtrgm.sgml @@ -15,6 +15,12 @@ strings. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Trigram (or Trigraph) Concepts diff --git a/doc/src/sgml/seg.sgml b/doc/src/sgml/seg.sgml index d07329f5d17..2492de911ad 100644 --- a/doc/src/sgml/seg.sgml +++ b/doc/src/sgml/seg.sgml @@ -14,6 +14,12 @@ making it especially useful for representing laboratory measurements. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Rationale diff --git a/doc/src/sgml/tablefunc.sgml b/doc/src/sgml/tablefunc.sgml index 007e9c62f56..ad435d6dc3e 100644 --- a/doc/src/sgml/tablefunc.sgml +++ b/doc/src/sgml/tablefunc.sgml @@ -14,6 +14,12 @@ multiple rows. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Functions Provided diff --git a/doc/src/sgml/tcn.sgml b/doc/src/sgml/tcn.sgml index aa2fe4f00af..82afe9ada4b 100644 --- a/doc/src/sgml/tcn.sgml +++ b/doc/src/sgml/tcn.sgml @@ -17,6 +17,12 @@ used as an AFTER trigger FOR EACH ROW. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Only one parameter may be supplied to the function in a CREATE TRIGGER statement, and that is optional. If supplied diff --git a/doc/src/sgml/tsm-system-rows.sgml b/doc/src/sgml/tsm-system-rows.sgml index 3dcd948ff86..071ff301d07 100644 --- a/doc/src/sgml/tsm-system-rows.sgml +++ b/doc/src/sgml/tsm-system-rows.sgml @@ -33,6 +33,12 @@ the REPEATABLE clause. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Examples diff --git a/doc/src/sgml/tsm-system-time.sgml b/doc/src/sgml/tsm-system-time.sgml index fd8e9995443..cd074926d85 100644 --- a/doc/src/sgml/tsm-system-time.sgml +++ b/doc/src/sgml/tsm-system-time.sgml @@ -35,6 +35,12 @@ the REPEATABLE clause. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Examples diff --git a/doc/src/sgml/unaccent.sgml b/doc/src/sgml/unaccent.sgml index 547ac54a71e..5cd716a2aa5 100644 --- a/doc/src/sgml/unaccent.sgml +++ b/doc/src/sgml/unaccent.sgml @@ -21,6 +21,12 @@ normalizing dictionary for the thesaurus dictionary. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + Configuration diff --git a/doc/src/sgml/uuid-ossp.sgml b/doc/src/sgml/uuid-ossp.sgml index 0fbabbfda24..54d7813d38e 100644 --- a/doc/src/sgml/uuid-ossp.sgml +++ b/doc/src/sgml/uuid-ossp.sgml @@ -16,6 +16,12 @@ linkend="functions-uuid"/> for built-in ways to generate UUIDs. + + This module is considered trusted, that is, it can be + installed by non-superusers who have CREATE privilege + on the current database. + + <literal>uuid-ossp</literal> Functions -- cgit v1.2.3