| From: | "Euler Taveira" <euler(at)eulerto(dot)com> |
|---|---|
| To: | "Kirill Reshke" <reshkekirill(at)gmail(dot)com>, "Jelte Fennema" <postgres(at)jeltef(dot)nl> |
| Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Nathan Bossart" <nathandbossart(at)gmail(dot)com>, "Jacob Champion" <jacob(dot)champion(at)enterprisedb(dot)com>, "Ignat Remizov" <ignat980(at)gmail(dot)com>, "Ashutosh Bapat" <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, "PostgreSQL Hackers" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM |
| Date: | 2025-12-04 21:16:31 |
| Message-ID: | 67cb5b93-888d-40bb-a41c-287bed4f7dc2@app.fastmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Dec 4, 2025, at 3:49 PM, Kirill Reshke wrote:
> Again, if we are using GUC to tell somebody something about security,
> this doesn't work. Superuser can easily redefine any GUC.
>
It depends on the GUC property. See my idea in [1]. Another idea is to use
environment variable similar to PG_OOM_ADJUST_FILE. If you are using a service
manager, this makes it more difficult for an attacker to enable such a
dangerous feature.
[1] https://www.postgresql.org/message-id/100a2e42-388a-43ca-8c3d-220fd596bffc%40app.fastmail.com
--
Euler Taveira
EDB https://www.enterprisedb.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hannu Krosing | 2025-12-04 21:21:29 | Re: Reduce timing overhead of EXPLAIN ANALYZE using rdtsc? |
| Previous Message | Peter Geoghegan | 2025-12-04 21:10:44 | Re: index prefetching |