grumpydba 5 years ago

Similarly postgresql has access to the host shell:

COPY weather_json FROM PROGRAM 'curl https://api.openweathermap.org/data/2.5/weather?q=Tokyo';
COPY 1

They both absolutely have to run under selinux.

  • SahAssar 5 years ago

    Seems like that is the server shell, right?

    > When PROGRAM is specified, the server executes the given command and reads from the standard output of the program, or writes to the standard input of the program. The command must be specified from the viewpoint of the server, and be executable by the PostgreSQL user.

    Although the STDIN/STDOUT options seem a bit more ambiguous:

    > When STDIN or STDOUT is specified, data is transmitted via the connection between the client and the server.

    • grumpydba 5 years ago

      Yes, it's the server shell.

  • anarazel 5 years ago

    That explicitly requires superuser permissions. If you give those out, the user has plenty of ways to get code execution.

    (And as mentioned elsewhere, that's server-side, not the server instructing the client to send files as in the tweet.)

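Since the thread turns on who can actually reach COPY ... FROM PROGRAM, here is an added audit query (not from any of the commenters) that lists the roles able to do so. It assumes PostgreSQL 11 or later, where the predefined roles pg_execute_server_program, pg_read_server_files and pg_write_server_files exist; on older versions only superusers have these abilities, and only the rolsuper column applies.

```sql
-- Added example: audit which roles can run server-side programs or read/write
-- server files through COPY. Assumes PostgreSQL 11+ (predefined pg_* roles).
-- pg_has_role checks membership transitively; superusers report true for all
-- three columns because the server treats them as members of every role.
SELECT r.rolname,
       r.rolsuper                                                    AS is_superuser,
       pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER')     AS can_copy_from_program,
       pg_has_role(r.oid, 'pg_read_server_files',      'MEMBER')     AS can_copy_from_server_file,
       pg_has_role(r.oid, 'pg_write_server_files',     'MEMBER')     AS can_copy_to_server_file
  FROM pg_roles r
 WHERE r.rolname NOT LIKE 'pg\_%'          -- skip the predefined roles themselves
   AND (r.rolsuper
        OR pg_has_role(r.oid, 'pg_execute_server_program', 'MEMBER')
        OR pg_has_role(r.oid, 'pg_read_server_files',      'MEMBER')
        OR pg_has_role(r.oid, 'pg_write_server_files',     'MEMBER'))
 ORDER BY r.rolsuper DESC, r.rolname;
```

Run it as any role that can read pg_roles (that is, any login role) and compare the result against the short list of accounts that are supposed to have server-side filesystem or shell access; an application role appearing here is the finding to chase, since any COPY it issues runs under the postgres OS user on the server, not on the client.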
rando444 5 years ago

I'm pretty sure all databases have access to the filesystem.

  • SahAssar 5 years ago

    The difference here is that it's the client filesystem, not the server filesystem.