Home > mailing lists

Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM - Mailing list pgsql-hackers

From	Euler Taveira
Subject	Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM
Date	December 5 00:16:31
Msg-id	67cb5b93-888d-40bb-a41c-287bed4f7dc2@app.fastmail.com Whole thread Raw
In response to	Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM (Kirill Reshke <reshkekirill@gmail.com>)
List	pgsql-hackers

Tree view

On Thu, Dec 4, 2025, at 3:49 PM, Kirill Reshke wrote:
> Again, if we are using GUC to tell somebody something about security,
> this doesn't work. Superuser can easily redefine any GUC.
>

It depends on the GUC property. See my idea in [1]. Another idea is to use
environment variable similar to PG_OOM_ADJUST_FILE. If you are using a service
manager, this makes it more difficult for an attacker to enable such a
dangerous feature.

[1] https://www.postgresql.org/message-id/100a2e42-388a-43ca-8c3d-220fd596bffc%40app.fastmail.com

-- 
Euler Taveira
EDB   https://www.enterprisedb.com/

pgsql-hackers by date:

From: Peter Geoghegan
Date: 05 December, 00:10:44
Subject: Re: index prefetching

From: Hannu Krosing
Date: 05 December, 00:21:29
Subject: Re: Reduce timing overhead of EXPLAIN ANALYZE using rdtsc?

Re: [PATCH] Add enable_copy_program GUC to control COPY PROGRAM - Mailing list pgsql-hackers

Previous

Next