Re: Hardening PostgreSQL via (optional) ban on local file system access

On Thu, Jun 30, 2022 at 11:52:20AM -0400, Robert Haas wrote:
> I don't think this would be very convenient in most scenarios, and I
> think it would also be difficult to implement correctly. I don't think
> you can get by with just having superuser() return false sometimes
> despite pg_authid.rolsuper being true. There's a lot of subtle
> assumptions in the code to the effect that the properties of a session
> are basically stable unless some SQL is executed which changes things.
> I think if we start injecting hacks like this it may seem to work in
> light testing but we'll never get to the end of the bug reports.

Yeah, seems it would have to be specified per-session, but how would you
specify a specific session before the session starts?

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Indecision is a decision.  Inaction is an action.  Mark Batterson