diff options
| author | Noah Misch | 2017-08-07 14:09:28 +0000 |
|---|---|---|
| committer | Noah Misch | 2017-08-07 14:09:28 +0000 |
| commit | e568e1eee4650227170cf8c64eedb74bafd7d1f0 (patch) | |
| tree | 11fd80de89bf7237e1d2519c58d4c5c13a8872e5 /doc/src | |
| parent | bf6b9e94445610a3d84cf9521032fab993f96fd6 (diff) | |
Again match pg_user_mappings to information_schema.user_mapping_options.
Commit 3eefc51053f250837c3115c12f8119d16881a2d7 claimed to make
pg_user_mappings enforce the qualifications user_mapping_options had
been enforcing, but its removal of a longstanding restriction left them
distinct when the current user is the subject of a mapping yet has no
server privileges. user_mapping_options emits no rows for such a
mapping, but pg_user_mappings includes full umoptions. Change
pg_user_mappings to show null for umoptions. Back-patch to 9.2, like
the above commit.
Reviewed by Tom Lane. Reported by Jeff Janes.
Security: CVE-2017-7547
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/catalogs.sgml | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index ea655a10a8..97e5ecf686 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -11099,17 +11099,37 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx <entry><type>text[]</type></entry> <entry></entry> <entry> - User mapping specific options, as <quote>keyword=value</> - strings. This column will show as null unless the current user - is the user being mapped, or the mapping is for - <literal>PUBLIC</literal> and the current user is the server - owner, or the current user is a superuser. The intent is - to protect password information stored as user mapping option. + User mapping specific options, as <quote>keyword=value</> strings </entry> </row> </tbody> </tgroup> </table> + + <para> + To protect password information stored as a user mapping option, + the <structfield>umoptions</structfield> column will read as null + unless one of the following applies: + <itemizedlist> + <listitem> + <para> + current user is the user being mapped, and owns the server or + holds <literal>USAGE</> privilege on it + </para> + </listitem> + <listitem> + <para> + current user is the server owner and mapping is for <literal>PUBLIC</> + </para> + </listitem> + <listitem> + <para> + current user is a superuser + </para> + </listitem> + </itemizedlist> + </para> + </sect1> |