Re: Hardening PostgreSQL via (optional) ban on local file system access

[Andrey Borodin]

> On 25 Jun 2022, at 03:08, Hannu Krosing <han...@google.com> wrote:
> 
> Currently the file system access is controlled via being a SUPREUSER

My 2 cents. Ongoing work on making superuser access unneeded seems much more 
relevant to me.
IMO superuser == full OS access available from postgres process. I think 
there's uncountable set of ways to affect OS from superuser.
E.g. you can create a TOAST value compressed by pglz that allows you to look 
few kilobytes before detoasted datum. Or make an archive_command = 'gcc my 
shell code'.
It's not even funny to invent things that you can hack as a superuser.

Best regards, Andrey Borodin.