On Thu, Dec 4, 2025, at 3:49 PM, Kirill Reshke wrote: > Again, if we are using GUC to tell somebody something about security, > this doesn't work. Superuser can easily redefine any GUC. >
It depends on the GUC property. See my idea in [1]. Another idea is to use environment variable similar to PG_OOM_ADJUST_FILE. If you are using a service manager, this makes it more difficult for an attacker to enable such a dangerous feature. [1] https://www.postgresql.org/message-id/100a2e42-388a-43ca-8c3d-220fd596bffc%40app.fastmail.com -- Euler Taveira EDB https://www.enterprisedb.com/
