Home > mailing lists

Re: Support a`--with-copy-program` compile flag - Mailing list pgsql-hackers

From	Heikki Linnakangas
Subject	Re: Support a`--with-copy-program` compile flag
Date	November 12 21:23:04
Msg-id	6ab1546e-5bb9-4408-8495-81373504e3ab@iki.fi Whole thread Raw
In response to	Support a`--with-copy-program` compile flag (Steve Chavez <steve@supabase.io>)
List	pgsql-hackers

Tree view

On 12/11/2025 20:07, Steve Chavez wrote:
> Hello hackers,
> 
> Postgres provides the `COPY .. TO/FROM PROGRAM` statement. This is 
> dangerous from a security perspective because it allows users to escape 
> from the SQL sandbox and gain shell access on the instance.
> 
> Now there's the `pg_execute_server_program` predefined role to restrict 
> access to `COPY.. TO/FROM PROGRAM` but if somehow a pg user gains 
> superuser privileges then the predefined role is of no use.
> 
> So I wonder if we could remove the possibility of shell access by 
> providing a `--with-copy-program` compile flag.

If you are superuser, there are many other ways you can gain shell 
access. There is no security boundary there.

See e.g. 
https://www.postgresql.org/about/news/cve-2019-9193-not-a-security-vulnerability-1935/

- Heikki

pgsql-hackers by date:

From: Steve Chavez
Date: 12 November, 21:07:27
Subject: Support a`--with-copy-program` compile flag

From: Andres Freund
Date: 12 November, 21:37:40
Subject: Re: Support a`--with-copy-program` compile flag

Re: Support a`--with-copy-program` compile flag - Mailing list pgsql-hackers

Previous

Next