On Wed, Dec 3, 2025 at 06:44:51PM +0200, Ignat Remizov wrote: > This patch is intentionally "small": it only removes the most commonly > exploited primitive (COPY PROGRAM). I agree a more comprehensive approach > would be ideal (covering extensions/untrusted PLs, LOAD, filesystem functions, > etc.), but that would take more time to design and implement properly, and was > already in my plans over the next few weekends, ideally via a single control > point. Something that flips the assumption that superuser is a trusted role, > and instead requires explicit enabling of potentially dangerous features.
You probably could have saved yourself some work by following our normal workflow for change proposals: https://wiki.postgresql.org/wiki/Todo Desirability -> Design -> Implement -> Test -> Review -> Commit You went all the way to "Implement" without before getting agreement on "Desirability". -- Bruce Momjian <[email protected]> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.
