| From: | Kirill Reshke <reshkekirill(at)gmail(dot)com> |
|---|---|
| To: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Nathan Bossart <nathandbossart(at)gmail(dot)com>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, Ignat Remizov <ignat980(at)gmail(dot)com>, Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM |
| Date: | 2025-12-04 18:49:14 |
| Message-ID: | CALdSSPiZ0pj6Eh4rtoQE9=8n+O_Q4RmpVj+zsx52mxJWT1S7Yw@mail.gmail.com |
| Lists: | pgsql-hackers |

On Thu, 4 Dec 2025 at 21:33, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> wrote:
>
> On Thu, 4 Dec 2025 at 11:56, Kirill Reshke <reshkekirill(at)gmail(dot)com> wrote:
> > > One idea would be to disallow FROM PROGRAM when connecting over the
> > > network instead of a Unix socket
> >
> > How would this be protected from connecting to PostgreSQL over the
> > network and then executing dblink, making a local (socket) connection?
>
> Good question. I think the easiest would be to always disallow FROM
> PROGRAM (by default) instead of only when connecting over the network.

How? With a GUC?

> Another option would be to have dblink (and pg_fdw) tell postgres (with
> e.g. a GUC being set in the StartupMessage) that it should be
> considered a remote connection for these purposes.

Again, if we are using a GUC to tell somebody something about security,
this doesn't work. A superuser can easily redefine any GUC.

--
Best regards,
Kirill Reshke