On Tue, 2022-11-08 at 04:14 +0000, Jan Bilek wrote:
> I know it is not exactly what you suggested (and agreeing a lot with our
> app user shouldn't be running as superuser), but as all other inputs
> from our application come sanitized through bind and this is the only
> way where user can send an explicit command in there - I think it should do!
>
> Please let me know if you approve.
I strongly disapprove, and any security audit you pass with such a setup
is worthless. I repeat: the application does not need to connect with
a superuser.
I don't understand what you want to demonstrate with the code samples, or
what you mean when you say that "the user can send an explicit command".
Yours,
Laurenz Albe