| author | Noah Misch | 2017-08-07 14:09:28 +0000 |
|---|---|---|
| committer | Noah Misch | 2017-08-07 14:09:31 +0000 |
| commit | b6e39ca92eeee4e5fa0e83ce3e04dad82559983f (patch) | |
| tree | 422c9ea9db2e603dd43d11fabfa127cb2084a21c /doc/src/sgml | |
| parent | d5d46d99ba47f77a847d29a35d6e069b233f2183 (diff) | |
Again match pg_user_mappings to information_schema.user_mapping_options.
Commit 3eefc51053f250837c3115c12f8119d16881a2d7 claimed to make
pg_user_mappings enforce the qualifications user_mapping_options had
been enforcing, but its removal of a longstanding restriction left them
distinct when the current user is the subject of a mapping yet has no
server privileges. user_mapping_options emits no rows for such a
mapping, but pg_user_mappings includes full umoptions. Change
pg_user_mappings to show null for umoptions. Back-patch to 9.2, like
the above commit.
Reviewed by Tom Lane. Reported by Jeff Janes.
Security: CVE-2017-7547
Diffstat (limited to 'doc/src/sgml')
| -rw-r--r-- | doc/src/sgml/catalogs.sgml | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 73096499ee7..8ef7fa83856 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -9418,17 +9418,37 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx <entry><type>text[]</type></entry> <entry></entry> <entry> - User mapping specific options, as <quote>keyword=value</> - strings. This column will show as null unless the current user - is the user being mapped, or the mapping is for - <literal>PUBLIC</literal> and the current user is the server - owner, or the current user is a superuser. The intent is - to protect password information stored as user mapping option. + User mapping specific options, as <quote>keyword=value</> strings </entry> </row> </tbody> </tgroup> </table> + + <para> + To protect password information stored as a user mapping option, + the <structfield>umoptions</structfield> column will read as null + unless one of the following applies: + <itemizedlist> + <listitem> + <para> + current user is the user being mapped, and owns the server or + holds <literal>USAGE</> privilege on it + </para> + </listitem> + <listitem> + <para> + current user is the server owner and mapping is for <literal>PUBLIC</> + </para> + </listitem> + <listitem> + <para> + current user is a superuser + </para> + </listitem> + </itemizedlist> + </para> + </sect1> |
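Review bot: the first new list item is ambiguous about how its conditions bind: "current user is the user being mapped, and owns the server or holds USAGE privilege on it" can be read either as (mapped user AND owner) OR (holds USAGE), or as mapped user AND (owner OR USAGE); the commit message makes clear the second reading is intended, so reword it to "current user is the user being mapped and either owns the server or holds <literal>USAGE</literal> privilege on it". Two smaller points in the same hunk: the added column description "User mapping specific options, as keyword=value strings" drops the old sentence telling the reader the column can read as null, so a short pointer to the new paragraph below (for example "see below for when this column reads as null") would keep the column entry self-explanatory; and the new text mixes the short-form close `</>` (in `<literal>USAGE</>` and `<literal>PUBLIC</>`) with the full `</literal>` used by the removed lines, so pick one form for the new paragraph.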
