Disallow execution of shell commands from psql
Hi!
Happy new (gregorian calendar) year!
Somehow related to the proposal of having a `psql --idle` option, is there
a way to disallow the command `\!` (and anything of the likes in psql?
Sure, I can set the SHELL env var at run-time, but I still want to have
postgres user to be a normal user, with its shell etc, which means it can
change this SHELL setting somewhere.
Any tip?
On Tue, Jan 10, 2023 at 07:01:24PM +0100, Wiwwo Staff wrote:
Hi!
Happy new (gregorian calendar) year!Somehow related to the proposal of having a `psql --idle` option, is there
a way to disallow the command `\!` (and anything of the likes in psql?Sure, I can set the SHELL env var at run-time, but I still want to have
postgres user to be a normal user, with its shell etc, which means it can
change this SHELL setting somewhere.
As far as I know, it's not possible. Why is that a problem though?
\! will run command as the user that ran psql. So it's not a security
issue. What's the problem then?
Best regards,
depesz