On Tue, Jun 9, 2015 at 3:27 PM, Magnus Hagander <magnus@hagander.net> wrote: > > On Jun 9, 2015 6:00 AM, "Michael Paquier" <michael.paquier@gmail.com> wrote: >> >> Hi all, >> >> I should have noticed that before, but it happens that pg_stat_ssl >> leaks information about the SSL status of all the users connected to a >> server. Let's imagine for example: >> 1) Session 1 connected through SSL with a superuser: >> =# create role toto login; >> CREATE ROLE >> =# select * from pg_stat_ssl; >> pid | ssl | version | cipher | bits | >> compression | clientdn >> >> -------+-----+---------+-----------------------------+------+-------------+---------- >> 33348 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t >> | >> (1 row) >> 2) New session 2 with previously created user: >> => select * from pg_stat_ssl; >> pid | ssl | version | cipher | bits | >> compression | clientdn >> >> -------+-----+---------+-----------------------------+------+-------------+---------- >> 33348 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t >> | >> 33367 | t | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256 | t >> | >> (2 rows) >> >> Attached is a patch to mask those values to users that should not have >> access to it, similarly to the other fields of pg_stat_activity. > > I don't have the thread around right now (on phone), but didn't we discuss > this back around the original submission and decide that this was wanted > behavior?
AIUI that one was just about the DN field, and not about the rest. If I understand you correctly, you are referring to the whole thing, not just one field?
> What actual sensitive data is leaked? If knowing the cipher type makes it > easier to hack you have a broken cipher, don't you?
I am just wondering if it is a good idea to let other users know the origin of a connection to all the users. Let's imagine the case where for example the same user name is used for non-SSL and SSL sessions. This could give a hint of the activity on the server..
However, feel free to ignore those concerns if you think the current situation is fine...
Well, I do think the current one is OK, but I don't want to ignore the comment anyway :) Happy to hear comments from others as well.