Re: Support a `--with-copy-program` compile flag

2025-11-12 Thread Nathan Bossart
On Wed, Nov 12, 2025 at 01:07:27PM -0500, Steve Chavez wrote:
> So I wonder if we could remove the possibility of shell access by providing
> a `--with-copy-program` compile flag.

You might be interested in this past discussion for a similar idea: https://postgr.es/m/flat/20220520225619.G

Re: Support a `--with-copy-program` compile flag

2025-11-12 Thread Andres Freund
Hi,

On 2025-11-12 13:07:27 -0500, Steve Chavez wrote:
> Postgres provides the `COPY .. TO/FROM PROGRAM` statement. This is
> dangerous from a security perspective because it allows users to escape
> from the SQL sandbox and gain shell access on the instance.
>
> Now there's the `pg_execute_server

Re: Support a `--with-copy-program` compile flag

2025-11-12 Thread Heikki Linnakangas
On 12/11/2025 20:07, Steve Chavez wrote: Hello hackers, Postgres provides the `COPY .. TO/FROM PROGRAM` statement. This is dangerous from a security perspective because it allows users to escape from the SQL sandbox and gain shell access on the instance. Now there's the `pg_execute_server_pr

Support a `--with-copy-program` compile flag

2025-11-12 Thread Steve Chavez
Hello hackers, Postgres provides the `COPY .. TO/FROM PROGRAM` statement. This is dangerous from a security perspective because it allows users to escape from the SQL sandbox and gain shell access on the instance. Now there's the `pg_execute_server_program` predefined role to restrict access to `