Re: How to stop script executions

From: Dev Kumkar <devdas(dot)kumkar(at)gmail(dot)com>
To: John McKown <john(dot)archie(dot)mckown(at)gmail(dot)com>
Cc: PostgreSQL General <pgsql-general(at)postgresql(dot)org>
Subject: Re: How to stop script executions
Date: 2016-07-26 18:45:47
Message-ID: CALSLE1PUfoUE-oC_VTsZg7BGm4KOnMU_p7XwFiaFzeQG7vu58w@mail.gmail.com
Lists: pgsql-general

On Tue, Jul 26, 2016 at 7:53 PM, John McKown <john(dot)archie(dot)mckown(at)gmail(dot)com>
wrote:

> I agree. From my reading at:
> https://www.postgresql.org/docs/9.5/static/sql-copy.html the COPY FROM
> PROGRAM is only available to a PostgreSQL user who is database superuser.
> That, sort of, implies to me that said user is trusted not to do "evil",
> but abide by the restrictions placed upon him/her/it. In some strange
> reality where this is not the case, and I was running on Linux, I would use
> SELinux in enforcing mode to really restrict what the id under which the
> server is running could do. That is, a "don't allow unless explicitly
> allowed" type policy. Or I'd "sandbox" the PostgreSQL server code using
> something like docker, or in a virtual machine with little access to
> other services.
>

PostgreSQL version is 9.3 and the O/S is both Linux and Windows.

I was trying to understand, from both O/S perspectives, what kind of
commands can be run using COPY FROM PROGRAM that can have an impact.
Thanks for all the information!

Regards...
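
An added example, not part of the original message or of PostgreSQL itself: one way to audit where COPY ... PROGRAM is actually being used is to scan the server's statement log for it. The sketch assumes `log_statement = 'all'` and `log_line_prefix = '%m [%p] %u@%d '`; the log lines, role names and paths are constructed for illustration, and `find_copy_program` is a hypothetical helper name.

```python
import re

# Constructed sample log lines (not taken from the thread). Assumed settings:
# log_statement = 'all', log_line_prefix = '%m [%p] %u@%d '.
SAMPLE_LOG = """\
2016-07-26 18:40:01.120 UTC [4312] app@sales LOG:  statement: SELECT count(*) FROM orders;
2016-07-26 18:41:13.007 UTC [4390] postgres@sales LOG:  statement: COPY staging FROM PROGRAM 'gunzip -c /data/in.csv.gz' WITH (FORMAT csv);
2016-07-26 18:42:55.431 UTC [4312] app@sales LOG:  statement: INSERT INTO notes VALUES ('copy t from program ''x''');
2016-07-26 18:43:10.990 UTC [4401] etl@sales LOG:  statement: copy (SELECT * FROM orders) to program 'gzip > /backup/orders.csv.gz';
2016-07-26 18:44:02.250 UTC [4312] app@sales LOG:  statement: COPY staging FROM '/data/in.csv';
"""

# Matches the assumed prefix: timestamp, [pid], user@db, then the statement text.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"LOG:\s+statement:\s*(?P<sql>.*)$"
)

# Only statements that begin with COPY are considered, so the phrase appearing
# inside a string literal of another statement (the INSERT above) is ignored.
COPY_PROGRAM_RE = re.compile(
    r"^COPY\b.*?\b(?P<dir>FROM|TO)\s+PROGRAM\s+E?'(?P<cmd>(?:[^']|'')*)'",
    re.IGNORECASE | re.DOTALL,
)


def find_copy_program(log_text):
    """Return one record per logged COPY ... FROM/TO PROGRAM statement."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation line or a different message type
        c = COPY_PROGRAM_RE.match(m.group("sql"))
        if c:
            hits.append({
                "time": m.group("ts"),
                "user": m.group("user"),
                "database": m.group("db"),
                "direction": c.group("dir").upper(),
                # SQL doubles single quotes inside a literal; undo that.
                "command": c.group("cmd").replace("''", "'"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_copy_program(SAMPLE_LOG):
        print(hit)
```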
