On Tue, Jul 26, 2016 at 9:05 AM, Melvin Davidson <melvin6...@gmail.com> wrote:
> > > On Tue, Jul 26, 2016 at 9:52 AM, Dev Kumkar <devdas.kum...@gmail.com> > wrote: > >> On Tue, Jul 26, 2016 at 6:59 PM, David G. Johnston < >> david.g.johns...@gmail.com> wrote: >> >>> Typically this means that given user only having psql, or some other >>> backend protocol only, connect to the database are they able to execute >>> arbitrary commands as the user running the PostgreSQL process on the host >>> system. >>> >>> Untrusted langauges are untrusted for specifically this reason. Without >>> untrusted languages it requires privilege escalation to interact >>> dynamically with the host operating system. >>> >>> Assuming raised privileges it is presently impossible to prevent such >>> dynamic interaction. >>> >> >> Just thinking if untrusted language like plperlu is not installed then >> executing arbitrary commands is not possible. >> So the other possible which you did mention was COPY FROM PROGRAM >> command, is this understanding correct? >> >> Regards... >> > > >COPY FROM PROGRAM > > I think at this point it would be most beneficial if > 1. You stated your version of PostgreSQL & O/S > 2. Gave a comprehensive explanation of exactly what you are trying to do. > IOW, What exactly are you trying to prevent users from doing and why? > I agree. From my reading at: https://www.postgresql.org/docs/9.5/static/sql-copy.html the COPY FROM PROGRAM is only available to a PostgreSQL user who is database superuser. That, sort of, implies to me that said user is trusted not to do "evil", but abide by the restrictions place upon him/her/it. In some strange reality where this is not the case, and I was running on Linux, I would use SeLinux in enforcing mode to really restrict what the id under which the server is running could do. That is, a "don't allow unless explicitly allowed" type policy. Or I'd "sandbox" the PostgreSQL server code using something like docker, or under in a virtual machine with little access to other services. > > > -- > *Melvin Davidson* > I reserve the right to fantasize. Whether or not you > wish to share my fantasy is entirely up to you. > -- Klein bottle for rent -- inquire within. Maranatha! <>< John McKown
