From 5e8e009146e3cae5c596d6e857a9c98fe22657b8 Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Mon, 7 Aug 2017 07:09:28 -0700 Subject: Again match pg_user_mappings to information_schema.user_mapping_options. Commit 3eefc51053f250837c3115c12f8119d16881a2d7 claimed to make pg_user_mappings enforce the qualifications user_mapping_options had been enforcing, but its removal of a longstanding restriction left them distinct when the current user is the subject of a mapping yet has no server privileges. user_mapping_options emits no rows for such a mapping, but pg_user_mappings includes full umoptions. Change pg_user_mappings to show null for umoptions. Back-patch to 9.2, like the above commit. Reviewed by Tom Lane. Reported by Jeff Janes. Security: CVE-2017-7547 --- doc/src/sgml/catalogs.sgml | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 52de61c3956..a9daa646077 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -9211,17 +9211,37 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx text[] - User mapping specific options, as keyword=value - strings. This column will show as null unless the current user - is the user being mapped, or the mapping is for - PUBLIC and the current user is the server - owner, or the current user is a superuser. The intent is - to protect password information stored as user mapping option. + User mapping specific options, as keyword=value strings + + + To protect password information stored as a user mapping option, + the umoptions column will read as null + unless one of the following applies: + + + + current user is the user being mapped, and owns the server or + holds USAGE privilege on it + + + + + current user is the server owner and mapping is for PUBLIC + + + + + current user is a superuser + + + + + -- cgit v1.2.3
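Review bot: the first list item ("current user is the user being mapped, and owns the server or holds USAGE privilege on it") is the substantive change, but because this diff is limited to doc/src the matching change to the pg_user_mappings view definition is not visible here, so a reviewer should check that the documented predicate (mapped user AND (server owner OR USAGE on the server)) is exactly what the view now tests; the whole point of this commit is that the documentation and the view had drifted apart. Two minor style points in the same hunk: the rewritten first sentence "User mapping specific options, as keyword=value strings" drops the trailing period the old text had, and the second item reads more naturally as "current user is the server owner and the mapping is for PUBLIC".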