Re: Information of pg_stat_ssl visible to all users
From | Michael Paquier |
---|---|
Subject | Re: Information of pg_stat_ssl visible to all users |
Date | |
Msg-id | CAB7nPqRPir6u_LZrG0WC6wZkvuvvzSvd5OOWfqA92ggO3RSzBA@mail.gmail.com |
In reply to | Re: Information of pg_stat_ssl visible to all users (Magnus Hagander <magnus@hagander.net>) |
Responses | Re: Information of pg_stat_ssl visible to all users |
List | pgsql-hackers |
On Tue, Jun 9, 2015 at 3:27 PM, Magnus Hagander <magnus@hagander.net> wrote:
>
> On Jun 9, 2015 6:00 AM, "Michael Paquier" <michael.paquier@gmail.com> wrote:
>>
>> Hi all,
>>
>> I should have noticed that before, but it happens that pg_stat_ssl
>> leaks information about the SSL status of all the users connected to a
>> server. Let's imagine for example:
>> 1) Session 1 connected through SSL with a superuser:
>> =# create role toto login;
>> CREATE ROLE
>> =# select * from pg_stat_ssl;
>>   pid  | ssl | version |           cipher            | bits | compression | clientdn
>> -------+-----+---------+-----------------------------+------+-------------+----------
>>  33348 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
>> (1 row)
>> 2) New session 2 with previously created user:
>> => select * from pg_stat_ssl;
>>   pid  | ssl | version |           cipher            | bits | compression | clientdn
>> -------+-----+---------+-----------------------------+------+-------------+----------
>>  33348 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
>>  33367 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
>> (2 rows)
>>
>> Attached is a patch to mask those values to users that should not have
>> access to it, similarly to the other fields of pg_stat_activity.
>
> I don't have the thread around right now (on phone), but didn't we discuss
> this back around the original submission and decide that this was wanted
> behavior?

Looking back at this thread, it is mentioned here:
http://www.postgresql.org/message-id/31891.1405175764@sss.pgh.pa.us

> What actual sensitive data is leaked? If knowing the cipher type makes it
> easier to hack you have a broken cipher, don't you?

I am just wondering if it is a good idea to let other users know the
origin of a connection to all the users. Let's imagine the case where
for example the same user name is used for non-SSL and SSL sessions.
This could give a hint of the activity on the server..

However, feel free to ignore those concerns if you think the current
situation is fine...
--
Michael