Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v11bz-003kDy-0K for pgsql-general@arkaria.postgresql.org; Tue, 23 Sep 2025 11:55:11 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1v11bw-0058PY-A2 for pgsql-general@arkaria.postgresql.org; Tue, 23 Sep 2025 11:55:08 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v11bv-0058PQ-Vb for pgsql-general@lists.postgresql.org; Tue, 23 Sep 2025 11:55:07 +0000 Received: from ms-10.1blu.de ([178.254.4.101]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1v11bt-001vuO-0e for pgsql-general@lists.postgresql.org; Tue, 23 Sep 2025 11:55:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=unixarea.de ; s=blu3434000; h=Content-Transfer-Encoding:Content-Type:MIME-Version: Reply-To:Message-ID:Subject:To:From:Date:Sender:Cc:Content-ID: Content-Description:In-Reply-To:References; bh=MxnEm0LN/rpF5EuvZWzBFXN7oF3fE+whIrTgqRNSGdI=; b=AZi1Oj9h6sVpOFldc3Y7d59k2m 6HExE+7gMROMuQOFR4XcyICiMPcqpcHwPxLmueFsVt8Yzxo9j0swExIoTNo4h8R22Sbu8O6CRtfQd Hps92yZCp07xKITC6mL2ZwCxD8+bRwugbOFBvmaStQsZ3qm36EVEPzunie35dTBIE4/QxABYdYxq/ hL9vBIdlcFhJX5ss0n6O9a73E0uZCQWVm7NnVjaIwMt5NxzTsNvnndVYAmKmdPi05iriWEPy4YOpy trySUeA33/b2K9QOu1ujBU8UaakTQAXVmgdiDuLZy2uBixohmLTJaiDAHPigfO6whrpCYq7J50yvH ONKQuIGQ==; Received: from [212.222.85.178] (helo=pureos) by ms-10.1blu.de with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1v11bq-00Cw8I-9t for pgsql-general@lists.postgresql.org; Tue, 23 Sep 2025 13:55:02 +0200 Date: Tue, 23 Sep 2025 13:55:00 +0200 From: Matthias Apitz To: pgsql-general@lists.postgresql.org Subject: executing Linux commands from the PostgreSQL server Message-ID: Reply-To: Matthias Apitz MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Operating-System: FreeBSD 14.0-CURRENT 1400094 (amd64) X-message-flag: Mails in HTML will not be read! Send only plain text. X-Con-Id: 51246 X-Con-U: 0-guru X-Originating-IP: 212.222.85.178 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hello, The other way I detected that the PostgreSQL user 'postgres' (or any other user who can use the COPY ... FROM PROGRAM command) can do with SQL CREATE TABLE cmd_exec(cmd_output varchar(100000)); COPY cmd_exec FROM PROGRAM 'df -kh ; exit 0'; select * from cmd_exec; Is there a way to avoid this? matthias -- Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub Annalena Baerbock: "We are fighting a war against Russia ..." (25.1.2023) I, Matthias, I am not at war with Russia. Я не воюю с Россией. Ich bin nicht im Krieg mit Russland.