Quick Links

Support a`--with-copy-program` compile flag

From:	Steve Chavez <steve(at)supabase(dot)io>
To:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Support a`--with-copy-program` compile flag
Date:	2025-11-12 18:07:27
Message-ID:	CAGRrpza_WUY_jaN4P-xkN=TdqfxH+eJJazZAo5gg=kQoEaQnVw@mail.gmail.com
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Hello hackers,

Postgres provides the `COPY .. TO/FROM PROGRAM` statement. This is
dangerous from a security perspective because it allows users to escape
from the SQL sandbox and gain shell access on the instance.

Now there's the `pg_execute_server_program` predefined role to restrict
access to `COPY.. TO/FROM PROGRAM` but if somehow a pg user gains superuser
privileges then the predefined role is of no use.

So I wonder if we could remove the possibility of shell access by providing
a `--with-copy-program` compile flag.

Best regards,
Steve Chavez

Responses

Re: Support a`--with-copy-program` compile flag at 2025-11-12 18:23:04 from Heikki Linnakangas
Re: Support a`--with-copy-program` compile flag at 2025-11-12 18:37:40 from Andres Freund
Re: Support a`--with-copy-program` compile flag at 2025-11-12 19:56:10 from Nathan Bossart

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Heikki Linnakangas	2025-11-12 18:23:04	Re: Support a`--with-copy-program` compile flag
Previous Message	Tom Lane	2025-11-12 18:02:03	Re: Update timezone to C99