Typically this means that given user only having psql, or some other backend protocol only, connect to the database are they able to execute arbitrary commands as the user running the PostgreSQL process on the host system.
Untrusted langauges are untrusted for specifically this reason. Without untrusted languages it requires privilege escalation to interact dynamically with the host operating system.
Assuming raised privileges it is presently impossible to prevent such dynamic interaction.
Just thinking if untrusted language like plperlu is not installed then executing arbitrary commands is not possible.
So the other possible which you did mention was COPY FROM PROGRAM command, is this understanding correct?
