Re: BUG #14600: Passwords in user mappings leaked by psql \deu+ command

Feike Steenbergen <feikesteenbergen@gmail.com>

From: Feike Steenbergen <feikesteenbergen@gmail.com>
To: andrew.wheelwright@familysearch.org
Cc: PostgreSQL mailing lists <pgsql-bugs@postgresql.org>
Date: 2017-03-29T14:54:03Z
Lists: pgsql-bugs

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Revise the permission checking on user mapping DDL commands.

> If a standard user logs into Alice using command line client, psql, and
runs
> the command \deu+, the password for both the standard_user and the
> power_user will be visible in the displayed user mapping.

\deu+ queries pg_catalog.pg_user_mappings, which itself is a view on top of
pg_user_mapping.

The permissions on pg_user_mapping (the table) seem sane, they do not allow
you
to see the values. The permissions on pg_user_mappings (the view) are too
wide
it seems.

you could - for your current environment - use the following workaround on
all
your databases:

REVOKE SELECT ON pg_user_mappings FROM public;

I do think this needs a fix however, these credentials should not be
visible to
public.

regards,

Feike