-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[YSQL] Import specially treated variables fix #14139
Labels
2.14 Backport Required
area/ysql
Yugabyte SQL (YSQL)
kind/bug
This issue is a bug
priority/medium
Medium priority issue
Comments
tedyu
added
area/ysql
Yugabyte SQL (YSQL)
status/awaiting-triage
Issue awaiting triage
labels
Sep 22, 2022
yugabyte-ci
added
kind/bug
This issue is a bug
priority/medium
Medium priority issue
labels
Sep 22, 2022
sushantrmishra
added
2.12 Backport Required
2.14 Backport Required
and removed
status/awaiting-triage
Issue awaiting triage
labels
Sep 23, 2022
tedyu
added a commit
that referenced
this issue
Sep 24, 2022
…variables Summary: Upstream commit was 098fb00799ffb026ff12c64bd21635f963cfc609 Commit message was: If an interactive psql session used \gset when querying a compromised server, the attacker could execute arbitrary code as the operating system account running psql. Using a prefix not found among specially treated variables, e.g. every lowercase string, precluded the attack. Fix by issuing a warning and setting no variable for the column in question. Users wanting the old behavior can use a prefix and then a meta-command like "\set HISTSIZE :prefix_HISTSIZE". Back-patch to 9.5 (all supported versions). Reviewed by Robert Haas. Reported by Nick Cleaton. Security: CVE-2020-25696 The call to pg_log_warning() is omitted since it fails compilation: ``` [2022-09-22T15:26:00.821Z] src/postgres/src/bin/psql/common.c:935:5: error: implicit declaration of function 'pg_log_warning' is invalid in C99 [-Werror,-Wimplicit-function-declaration] [2022-09-22T15:26:00.821Z] pg_log_warning("attempt to \\gset into specially treated variable \"%s\" ignored", ``` Porting over pg_log_warning would require several other commits. Test Plan: ``` yugabyte=# select 97 as "EOF", 'ok' as _foo \gset IGNORE yugabyte=# \echo :IGNORE_foo :IGNOREEOF ok 0 ``` Reviewers: plee, smishra, myang Reviewed By: myang Subscribers: yql Differential Revision: https://phabricator.dev.yugabyte.com/D19723
tedyu
added a commit
that referenced
this issue
Sep 26, 2022
… specially treated variables Summary: Original commit was a2bfda3 / D19723 Upstream commit was 098fb00799ffb026ff12c64bd21635f963cfc609 Commit message was: If an interactive psql session used \gset when querying a compromised server, the attacker could execute arbitrary code as the operating system account running psql. Using a prefix not found among specially treated variables, e.g. every lowercase string, precluded the attack. Fix by issuing a warning and setting no variable for the column in question. Users wanting the old behavior can use a prefix and then a meta-command like "\set HISTSIZE :prefix_HISTSIZE". Back-patch to 9.5 (all supported versions). Reviewed by Robert Haas. Reported by Nick Cleaton. Security: CVE-2020-25696 Test Plan: Jenkins: rebase: 2.14 Reviewers: myang Reviewed By: myang Subscribers: yql Differential Revision: https://phabricator.dev.yugabyte.com/D19778
tedyu
added a commit
that referenced
this issue
Sep 26, 2022
… specially treated variables Summary: Original commit was a2bfda3 / D19723 Upstream commit was 098fb00799ffb026ff12c64bd21635f963cfc609 Commit message was: If an interactive psql session used \gset when querying a compromised server, the attacker could execute arbitrary code as the operating system account running psql. Using a prefix not found among specially treated variables, e.g. every lowercase string, precluded the attack. Fix by issuing a warning and setting no variable for the column in question. Users wanting the old behavior can use a prefix and then a meta-command like "\set HISTSIZE :prefix_HISTSIZE". Back-patch to 9.5 (all supported versions). Reviewed by Robert Haas. Reported by Nick Cleaton. Security: CVE-2020-25696 Test Plan: Jenkins: rebase: 2.12 Reviewers: myang Reviewed By: myang Subscribers: yql Differential Revision: https://phabricator.dev.yugabyte.com/D19779
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
2.14 Backport Required
area/ysql
Yugabyte SQL (YSQL)
kind/bug
This issue is a bug
priority/medium
Medium priority issue
Jira Link: DB-3615
Description
Import specially treated variables fix
The text was updated successfully, but these errors were encountered: