| field | value | date |
|---|---|---|
| author | Noah Misch <noah@leadboat.com> | 2017-08-07 07:09:28 -0700 |
| committer | Noah Misch <noah@leadboat.com> | 2017-08-07 07:09:31 -0700 |
| commit | 5e8e009146e3cae5c596d6e857a9c98fe22657b8 (patch) | |
| tree | 01e3d860a6c40a521739aa2ab5bfa04b9c415011 /doc/src/sgml | |
| parent | b2f833ea71bf9d2d56ec0c0ae4d839b001e6e7b1 (diff) | |
Again match pg_user_mappings to information_schema.user_mapping_options.
Commit 3eefc51053f250837c3115c12f8119d16881a2d7 claimed to make
pg_user_mappings enforce the qualifications user_mapping_options had
been enforcing, but its removal of a longstanding restriction left them
distinct when the current user is the subject of a mapping yet has no
server privileges.  user_mapping_options emits no rows for such a
mapping, but pg_user_mappings includes full umoptions.  Change
pg_user_mappings to show null for umoptions.  Back-patch to 9.2, like
the above commit.
Reviewed by Tom Lane.  Reported by Jeff Janes.
Security: CVE-2017-7547
Diffstat (limited to 'doc/src/sgml')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | doc/src/sgml/catalogs.sgml | 32 |

1 file changed, 26 insertions, 6 deletions
| diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 52de61c3956..a9daa646077 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -9211,17 +9211,37 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx        <entry><type>text[]</type></entry>        <entry></entry>        <entry> -       User mapping specific options, as <quote>keyword=value</> -       strings.  This column will show as null unless the current user -       is the user being mapped, or the mapping is for -       <literal>PUBLIC</literal> and the current user is the server -       owner, or the current user is a superuser.  The intent is -       to protect password information stored as user mapping option. +       User mapping specific options, as <quote>keyword=value</> strings        </entry>       </row>      </tbody>     </tgroup>    </table> + +  <para> +   To protect password information stored as a user mapping option, +   the <structfield>umoptions</structfield> column will read as null +   unless one of the following applies: +   <itemizedlist> +    <listitem> +     <para> +      current user is the user being mapped, and owns the server or +      holds <literal>USAGE</> privilege on it +     </para> +    </listitem> +    <listitem> +     <para> +      current user is the server owner and mapping is for <literal>PUBLIC</> +     </para> +    </listitem> +    <listitem> +     <para> +      current user is a superuser +     </para> +    </listitem> +   </itemizedlist> +  </para> +   </sect1> | 
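Review bot: the first <listitem> in the added <itemizedlist> is ambiguous about how its conjunction binds: "current user is the user being mapped, and owns the server or holds <literal>USAGE</> privilege on it" can also be read as "(mapped user who owns the server) or (anyone holding USAGE)". The commit message states that the mapped user must additionally hold server privileges, so make the grouping explicit, e.g. "the current user is the user being mapped and either owns the server or holds USAGE privilege on it". Two smaller points in the same hunk: the removed text wrote <literal>PUBLIC</literal> while the added lines use the short form <literal>PUBLIC</> and <literal>USAGE</>, so one closing style should be chosen for consistency within the file; and since the stated purpose of the change is to bring pg_user_mappings back in line with information_schema.user_mapping_options, the new paragraph could say so and point readers at that view rather than leaving them to discover the correspondence themselves.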
