Ignore attempts to \gset into specially treated variables.

If an interactive psql session used \gset when querying a compromised server, the attacker could execute arbitrary code as the operating system account running psql. Using a prefix not found among specially treated variables, e.g. every lowercase string, precluded the attack. Fix by issuing a warning and setting no variable for the column in question. Users wanting the old behavior can use a prefix and then a meta-command like "\set HISTSIZE :prefix_HISTSIZE". Back-patch to 9.5 (all supported versions). Reviewed by Robert Haas. Reported by Nick Cleaton. Security: CVE-2020-25696
author: Noah Misch <noah@leadboat.com> 2020-11-09 07:32:09 -0800
committer: Noah Misch <noah@leadboat.com> 2020-11-09 07:32:14 -0800
commit: a54dfbee1f1bad431793968918bbb8541dc860a0 (patch)
tree: 777163b0cb9cdd45bf06c8b773f9b74a0198e353 /src/bin/psql/variables.h
parent: aefc625dedae52073e7d279feb43f6255f992ea7 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/bin/psql/variables.h b/src/bin/psql/variables.h
index c071846d9ff..fba4af0c811 100644
--- a/src/bin/psql/variables.h
+++ b/src/bin/psql/variables.h
@@ -50,6 +50,7 @@ void		PrintVariables(VariableSpace space);
 
 bool		SetVariable(VariableSpace space, const char *name, const char *value);
 bool		SetVariableAssignHook(VariableSpace space, const char *name, VariableAssignHook hook);
+bool		VariableHasHook(VariableSpace space, const char *name);
 bool		SetVariableBool(VariableSpace space, const char *name);
 bool		DeleteVariable(VariableSpace space, const char *name);
author	Noah Misch <noah@leadboat.com>	2020-11-09 07:32:09 -0800
committer	Noah Misch <noah@leadboat.com>	2020-11-09 07:32:14 -0800
commit	a54dfbee1f1bad431793968918bbb8541dc860a0 (patch)
tree	777163b0cb9cdd45bf06c8b773f9b74a0198e353 /src/bin/psql/variables.h
parent	aefc625dedae52073e7d279feb43f6255f992ea7 (diff)