Re: Information of pg_stat_ssl visible to all users
| From | Magnus Hagander |
|---|---|
| Subject | Re: Information of pg_stat_ssl visible to all users |
| Date | |
| Msg-id | CABUevExhxs_hWSO1Vp28B2KKB1Xktr-NQKr3AU9QsBLNrh9q1Q@mail.gmail.com |
| In reply to | Information of pg_stat_ssl visible to all users (Michael Paquier <michael.paquier@gmail.com>) |
| Replies | Re: Information of pg_stat_ssl visible to all users |
| List | pgsql-hackers |
On Jun 9, 2015 6:00 AM, "Michael Paquier" <michael.paquier@gmail.com> wrote:
>
> Hi all,
>
> I should have noticed that before, but it happens that pg_stat_ssl
> leaks information about the SSL status of all the users connected to a
> server. Let's imagine for example:
> 1) Session 1 connected through SSL with a superuser:
> =# create role toto login;
> CREATE ROLE
> =# select * from pg_stat_ssl;
>   pid  | ssl | version |           cipher            | bits | compression | clientdn
> -------+-----+---------+-----------------------------+------+-------------+----------
>  33348 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
> (1 row)
> 2) New session 2 with previously created user:
> => select * from pg_stat_ssl;
>   pid  | ssl | version |           cipher            | bits | compression | clientdn
> -------+-----+---------+-----------------------------+------+-------------+----------
>  33348 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
>  33367 | t   | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 |  256 | t           |
> (2 rows)
>
> Attached is a patch to mask those values to users that should not have
> access to it, similarly to the other fields of pg_stat_activity.

I don't have the thread around right now (on phone), but didn't we discuss this back around the original submission and decide that this was wanted behavior?

What actual sensitive data is leaked? If knowing the cipher type makes it easier to hack, you have a broken cipher, don't you?

/Magnus
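As an added illustration (example SQL written for this page, not the patch Michael attached and not anything else from the thread): one way an administrator can apply the pg_stat_activity-style masking to pg_stat_ssl at the SQL level, without touching the server code. It assumes a PostgreSQL with the pg_stat_ssl view and the columns shown in the quoted output (pid, ssl, version, cipher, bits, compression, clientdn); the wrapper view name masked_stat_ssl is an assumption for the example, and the role toto is the one created in the quoted session.

```sql
-- Added example, not the thread's patch: restrict what non-superusers see in
-- pg_stat_ssl, mirroring how pg_stat_activity blanks other sessions' details.
-- Assumes the pg_stat_ssl columns shown in the quoted output; the view name
-- masked_stat_ssl is an assumption chosen for this example.

-- 1. Stop ordinary roles from reading the catalog view directly. Views run
--    with the privileges of their owner, so a wrapper owned by a superuser
--    can still read pg_stat_ssl after this revoke.
REVOKE SELECT ON pg_stat_ssl FROM PUBLIC;

-- 2. Wrapper: the TLS details of a backend are visible only to a superuser
--    or to the role that owns that backend. Every other row keeps its pid
--    but has ssl/version/cipher/bits/compression/clientdn set to NULL
--    (a CASE without ELSE yields NULL), the same treatment pg_stat_activity
--    gives query text and client address for other users' sessions.
CREATE OR REPLACE VIEW masked_stat_ssl AS
SELECT
    s.pid,
    CASE WHEN v.visible THEN s.ssl         END AS ssl,
    CASE WHEN v.visible THEN s.version     END AS version,
    CASE WHEN v.visible THEN s.cipher      END AS cipher,
    CASE WHEN v.visible THEN s.bits        END AS bits,
    CASE WHEN v.visible THEN s.compression END AS compression,
    CASE WHEN v.visible THEN s.clientdn    END AS clientdn
FROM pg_stat_ssl AS s
JOIN pg_stat_activity AS a USING (pid)
CROSS JOIN LATERAL (
    -- Evaluated per query as the calling role, not as the view owner.
    SELECT current_setting('is_superuser') = 'on'
        OR a.usename = current_user AS visible
) AS v;

GRANT SELECT ON masked_stat_ssl TO PUBLIC;

-- 3. Check from the unprivileged role of the quoted session: the row for
--    the superuser's backend (33348 in the quote) should now come back with
--    NULL TLS columns, while toto's own backend is shown in full.
SET ROLE toto;
SELECT * FROM masked_stat_ssl;
RESET ROLE;
```

The revoke in step 1 matters as much as the view in step 2: masking only in a wrapper while pg_stat_ssl stays readable by PUBLIC changes nothing for a role that queries the catalog view by name.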