
MySQL server has access to client-side filesystem - tta
https://twitter.com/gwillem/status/1086233504743129089
======
grumpydba
Similarly postgresql has access to the host shell:

COPY weather_json FROM PROGRAM 'curl
[https://api.openweathermap.org/data/2.5/weather?q=Tokyo';](https://api.openweathermap.org/data/2.5/weather?q=Tokyo';)
COPY 1

They both absolutely have to run under selinux.

~~~
SahAssar
Seems like that is the server shell, right?

> When PROGRAM is specified, the server executes the given command and reads
> from the standard output of the program, or writes to the standard input of
> the program. The command must be specified from the viewpoint of the server,
> and be executable by the PostgreSQL user.

Although the STDIN/STDOUT options seem a bit more ambiguous:

> When STDIN or STDOUT is specified, data is transmitted via the connection
> between the client and the server.

~~~
grumpydba
Yes it's the server shell.

------
rando444
I'm pretty sure all databases have access to the filesystem.

~~~
SahAssar
The difference here is that it's the client filesystem, not the server
filesystem.

