Except that it's not a bug. You're complaining that a superuser can do privileged things. Normal users can't use COPY ... PROGRAM: https://twitter.com/planetpostgres/status/1113166098046877697 …
Replying to @Jacob_Wilkin
It literally is working as documented. You can disagree with that design (IMO a bad argument, because the ability to extend postgres with additional functionality at runtime is a significant reason for its success). But that does NOT make it a security issue.
Replying to @AndresFreundTec @Jacob_Wilkin
Claiming it as a remotely exploitable security issue is just disingenuous bullshit. You could just have blogged about a, in your view, poor design choice and that'd be entirely fair game.
Replying to @AndresFreundTec @Jacob_Wilkin
Seriously, we allow superusers to do all kinds of things. Execute user defined functions in languages running without sandboxes (there are also sandboxed languages, which non-superusers can use). Create new base types, which rely on C functions in extension libraries. DROP all data.
Replying to @AndresFreundTec @Jacob_Wilkin
What you're saying is that, despite all that being documented, it's a security issue that we allow it. That just doesn't make sense.
IOW: Don't give superuser permissions to users that don't need it, and don't run your applications as a superuser.
Replying to @Jacob_Wilkin
You got a CVE for it. Describing a design disagreement / feature wish as a security vulnerability.
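Added example, not part of the thread and not code from any of its participants: a role audit for the advice above about not handing out superuser and not running applications as a superuser. It assumes PostgreSQL 11 or later, where the predefined role `pg_execute_server_program` also permits COPY ... PROGRAM (a detail the thread does not mention); `app_user` is a hypothetical application role.

```sql
-- Audit: which roles are able to run COPY ... PROGRAM on this cluster?
-- That is every superuser, plus every direct or nested member of
-- pg_execute_server_program (assumption: PostgreSQL 11+, where that role exists).
WITH RECURSIVE program_members AS (
    -- direct grants of pg_execute_server_program
    SELECT m.member
    FROM pg_auth_members m
    WHERE m.roleid = 'pg_execute_server_program'::regrole
  UNION
    -- roles that are members of a role found above
    SELECT m.member
    FROM pg_auth_members m
    JOIN program_members p ON m.roleid = p.member
)
SELECT r.rolname,
       r.rolcanlogin,
       r.rolsuper,
       EXISTS (SELECT 1 FROM program_members p WHERE p.member = r.oid)
           AS via_pg_execute_server_program
FROM pg_roles r
WHERE r.rolsuper
   OR EXISTS (SELECT 1 FROM program_members p WHERE p.member = r.oid)
ORDER BY r.rolsuper DESC, r.rolname;

-- Remediation for an application role that shows up in the result.
-- app_user is a hypothetical name; substitute the role your application logs in as.
ALTER ROLE app_user NOSUPERUSER;
REVOKE pg_execute_server_program FROM app_user;
```

Any login role in the result that an application uses to connect is the case the last tweet's advice is about.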