Jelte Fennema-Nio <postgres@jeltef.nl> writes:
> On Thu, 4 Dec 2025 at 19:49, Kirill Reshke <reshkekirill@gmail.com> wrote:
>> Again, if we are using GUC to tell somebody something about security,
>> this doesn't work. Superuser can easily redefine any GUC.
> If you mark this GUC as PGC_BACKEND it cannot be changed with SET
> commands, not even by superusers.
There's ALTER SYSTEM SET, not to mention directly modifying
postgresql.conf, not to mention setting the GUC in the startup packet.
Sure, given some specific attack scenario there might be reasons
why none of those would work, but it's folly to claim that this
would be bulletproof.
regards, tom lane