Hi all,
I should have noticed that before, but it happens that pg_stat_ssl
leaks information about the SSL status of all the users connected to a
server. Let's imagine for example:
1) Session 1 connected through SSL with a superuser:
=# create role toto login;
CREATE ROLE
=# select * from pg_stat_ssl;
pid | ssl | version | cipher | bits |
compression | clientdn
-------+-----+---------+-----------------------------+------+-------------+----------
33348 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t |
(1 row)
2) New session 2 with previously created user:
=> select * from pg_stat_ssl;
pid | ssl | version | cipher | bits |
compression | clientdn
-------+-----+---------+-----------------------------+------+-------------+----------
33348 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t |
33367 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t |
(2 rows)
Attached is a patch to mask those values to users that should not have
access to it, similarly to the other fields of pg_stat_activity.
Regards,
--
Michael
diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c
index f7c9bf6..159860b 100644
--- a/src/backend/utils/adt/pgstatfuncs.c
+++ b/src/backend/utils/adt/pgstatfuncs.c
@@ -626,21 +626,6 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
else
nulls[15] = true;
- if (beentry->st_ssl)
- {
- values[16] = BoolGetDatum(true); /* ssl */
- values[17] = CStringGetTextDatum(beentry->st_sslstatus->ssl_version);
- values[18] = CStringGetTextDatum(beentry->st_sslstatus->ssl_cipher);
- values[19] = Int32GetDatum(beentry->st_sslstatus->ssl_bits);
- values[20] = BoolGetDatum(beentry->st_sslstatus->ssl_compression);
- values[21] = CStringGetTextDatum(beentry->st_sslstatus->ssl_clientdn);
- }
- else
- {
- values[16] = BoolGetDatum(false); /* ssl */
- nulls[17] = nulls[18] = nulls[19] = nulls[20] = nulls[21] = true;
- }
-
/* Values only available to role member */
if (has_privs_of_role(GetUserId(), beentry->st_userid))
{
@@ -761,6 +746,22 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
nulls[13] = true;
}
}
+
+ /* ssl information */
+ if (beentry->st_ssl)
+ {
+ values[16] = BoolGetDatum(true); /* ssl */
+ values[17] = CStringGetTextDatum(beentry->st_sslstatus->ssl_version);
+ values[18] = CStringGetTextDatum(beentry->st_sslstatus->ssl_cipher);
+ values[19] = Int32GetDatum(beentry->st_sslstatus->ssl_bits);
+ values[20] = BoolGetDatum(beentry->st_sslstatus->ssl_compression);
+ values[21] = CStringGetTextDatum(beentry->st_sslstatus->ssl_clientdn);
+ }
+ else
+ {
+ values[16] = BoolGetDatum(false); /* ssl */
+ nulls[17] = nulls[18] = nulls[19] = nulls[20] = nulls[21] = true;
+ }
}
else
{
@@ -775,6 +776,13 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
nulls[11] = true;
nulls[12] = true;
nulls[13] = true;
+ /* ssl information */
+ nulls[16] = true;
+ nulls[17] = true;
+ nulls[18] = true;
+ nulls[19] = true;
+ nulls[20] = true;
+ nulls[21] = true;
}
tuplestore_putvalues(tupstore, tupdesc, values, nulls);
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
