Re: Support a`--with-copy-program` compile flag
| От | Heikki Linnakangas |
|---|---|
| Тема | Re: Support a`--with-copy-program` compile flag |
| Дата | |
| Msg-id | 6ab1546e-5bb9-4408-8495-81373504e3ab@iki.fi обсуждение исходный текст |
| Ответ на | Support a`--with-copy-program` compile flag (Steve Chavez <steve@supabase.io>) |
| Список | pgsql-hackers |
On 12/11/2025 20:07, Steve Chavez wrote: > Hello hackers, > > Postgres provides the `COPY .. TO/FROM PROGRAM` statement. This is > dangerous from a security perspective because it allows users to escape > from the SQL sandbox and gain shell access on the instance. > > Now there's the `pg_execute_server_program` predefined role to restrict > access to `COPY.. TO/FROM PROGRAM` but if somehow a pg user gains > superuser privileges then the predefined role is of no use. > > So I wonder if we could remove the possibility of shell access by > providing a `--with-copy-program` compile flag. If you are superuser, there are many other ways you can gain shell access. There is no security boundary there. See e.g. https://www.postgresql.org/about/news/cve-2019-9193-not-a-security-vulnerability-1935/ - Heikki
В списке pgsql-hackers по дате отправления: