On Tue, Jun 9, 2015 at 3:27 PM, Magnus Hagander <mag...@hagander.net> wrote: > > On Jun 9, 2015 6:00 AM, "Michael Paquier" <michael.paqu...@gmail.com> wrote: >> >> Hi all, >> >> I should have noticed that before, but it happens that pg_stat_ssl >> leaks information about the SSL status of all the users connected to a >> server. Let's imagine for example: >> 1) Session 1 connected through SSL with a superuser: >> =# create role toto login; >> CREATE ROLE >> =# select * from pg_stat_ssl; >> pid | ssl | version | cipher | bits | >> compression | clientdn >> >> -------+-----+---------+-----------------------------+------+-------------+---------- >> 33348 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t >> | >> (1 row) >> 2) New session 2 with previously created user: >> => select * from pg_stat_ssl; >> pid | ssl | version | cipher | bits | >> compression | clientdn >> >> -------+-----+---------+-----------------------------+------+-------------+---------- >> 33348 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t >> | >> 33367 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t >> | >> (2 rows) >> >> Attached is a patch to mask those values to users that should not have >> access to it, similarly to the other fields of pg_stat_activity. > > I don't have the thread around right now (on phone), but didn't we discuss > this back around the original submission and decide that this was wanted > behavior?
Looking back at this thread, it is mentioned here: http://www.postgresql.org/message-id/31891.1405175...@sss.pgh.pa.us > What actual sensitive data is leaked? If knowing the cipher type makes it > easier to hack you have a broken cipher, don't you? I am just wondering if it is a good idea to let other users know the origin of a connection to all the users. Let's imagine the case where for example the same user name is used for non-SSL and SSL sessions. This could give a hint of the activity on the server.. However, feel free to ignore those concerns if you think the current situation is fine... -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
