| From: | Feike Steenbergen <feikesteenbergen(at)gmail(dot)com> |
|---|---|
| To: | andrew(dot)wheelwright(at)familysearch(dot)org |
| Cc: | PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #14600: Passwords in user mappings leaked by psql \deu+ command |
| Date: | 2017-03-29 14:54:03 |
| Message-ID: | CAK_s-G0gCFL_0NDwdHWBzbp81=4hrzDUoB=a0-BQJ-4m-z3pVA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
> If a standard user logs into Alice using command line client, psql, and
runs
> the command \deu+, the password for both the standard_user and the
> power_user will be visible in the displayed user mapping.
\deu+ queries pg_catalog.pg_user_mappings, which itself is a view on top of
pg_user_mapping.
The permissions on pg_user_mapping (the table) seem sane, they do not allow
you
to see the values. The permissions on pg_user_mappings (the view) are too
wide
it seems.
you could - for your current environment - use the following workaround on
all
your databases:
REVOKE SELECT ON pg_user_mappings FROM public;
I do think this needs a fix however, these credentials should not be
visible to
public.
regards,
Feike
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Frazer McLean | 2017-03-29 15:42:58 | Unexpected interval comparison |
| Previous Message | Tom Lane | 2017-03-29 14:35:42 | Re: psqlrc overrides command line flags in PG 9.6 |