Home > mailing lists

Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM
Date	December 5 17:31:27
Msg-id	1431758.1764945087@sss.pgh.pa.us Whole thread Raw
In response to	Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM (Jelte Fennema-Nio <postgres@jeltef.nl>)
List	pgsql-hackers

Tree view

Jelte Fennema-Nio <postgres@jeltef.nl> writes:
> On Thu, 4 Dec 2025 at 19:49, Kirill Reshke <reshkekirill@gmail.com> wrote:
>> Again, if we are using GUC to tell somebody something about security,
>> this doesn't work. Superuser can easily redefine any GUC.

> If you mark this GUC as PGC_BACKEND it cannot be changed with SET
> commands, not even by superusers.

There's ALTER SYSTEM SET, not to mention directly modifying
postgresql.conf, not to mention setting the GUC in the startup packet.
Sure, given some specific attack scenario there might be reasons
why none of those would work, but it's folly to claim that this
would be bulletproof.

            regards, tom lane

pgsql-hackers by date:

From: Bertrand Drouvot
Date: 05 December, 17:31:00
Subject: Re: More const-marking cleanup

From: Jelte Fennema-Nio
Date: 05 December, 17:32:32
Subject: Re: Safer hash table initialization macro

Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM - Mailing list pgsql-hackers

Previous

Next