El día viernes, julio 11, 2025 a las 11:12:38a. m. -0600, Edmundo Robles
escribió:
> Hi
>
> i have (PostgreSQL) 13.16 (Debian 13.16-0+deb11u1)
> While monitoring active queries, I came across the following:
>
> `DROP TABLE IF EXISTS _145e289026a0a2a62de07e49c06d9965; CREATE TABLE
> _145e289026a0a2a62de07e49c06d9965(cmd_output text); COPY
> _145e289026a0a2a62de07e49c06d9965 FROM PROGRAM 'BASE64 string'`
>
> The 'BASE64 string' appears to be a shell script that creates hidden
> directories, `.xdiag` and `.xperf`, in `/tmp`.
The COPY ... FROM PROGRAM is estricted to superusers or roles with
the pg_execute_server_program permission, which is not granted to
users by default. The PROGRAM is executed on UNIX type systems as
the user 'postgres' (don't know about servers on Windows) and is
extremely dangerous because theoretically the full cluster could
be exported or purged by PRGOGRAM.
matthias
--
Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
An die deutsche Bundesregierung: Nein, meine Söhne geb' ich nicht für Ihren
Krieg!
Al Gobierno alemán: ¡No, no doy mis hijos para su guerra!
To the German Government: No, I will not give my sons for your war!
