Information of pg_stat_ssl visible to all users

Поиск
Список
Период
Сортировка
От Michael Paquier
Тема Information of pg_stat_ssl visible to all users
Дата
Msg-id CAB7nPqReR+MUupGA5wd9tywdhhgHkREnY9OEJemMxkd2zzrvQw@mail.gmail.com
обсуждение исходный текст
Ответы Re: Information of pg_stat_ssl visible to all users
Список pgsql-hackers
Дерево обсуждения 
Hi all,

I should have noticed that before, but it happens that pg_stat_ssl
leaks information about the SSL status of all the users connected to a
server. Let's imagine for example:
1) Session 1 connected through SSL with a superuser:
=# create role toto login;
CREATE ROLE
=# select * from pg_stat_ssl;
  pid  | ssl | version |           cipher            | bits |
compression | clientdn
-------+-----+---------+-----------------------------+------+-------------+----------
 33348 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
(1 row)
2) New session 2 with previously created user:
=> select * from pg_stat_ssl;
  pid  | ssl | version |           cipher            | bits |
compression | clientdn
-------+-----+---------+-----------------------------+------+-------------+----------
 33348 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
 33367 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
(2 rows)

Attached is a patch to mask those values to users that should not have
access to it, similarly to the other fields of pg_stat_activity.
Regards,
--
Michael
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: David Rowley
Дата:
Сообщение: Aggregate Supporting Functions
Следующее
От: Amit Kapila
Дата:
Сообщение: Re: Re: [COMMITTERS] pgsql: Map basebackup tablespaces using a tablespace_map file