On Wed, Nov 12, 2025 at 01:07:27PM -0500, Steve Chavez wrote:
> So I wonder if we could remove the possibility of shell access by providing
> a `--with-copy-program` compile flag.
You might be interested in this past discussion for a similar idea:
https://postgr.es/m/flat/20220520225619.GA876272%40nathanxps13
As others have already pointed out, there's no real boundary between
database superusers and the OS user running Postgres. I think many would
like there to be one, but I'm unaware of any serious efforts in that area,
and I doubt there's much appetite for it in the community.
--
nathan