Re: PROPOSAL: make PostgreSQL sanitizers-friendly (and prevent information disclosure)

From: Chapman Flack <chap(at)anastigmatix(dot)net>
To: Aleksander Alekseev <a(dot)alekseev(at)postgrespro(dot)ru>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PROPOSAL: make PostgreSQL sanitizers-friendly (and prevent information disclosure)
Date: 2016-03-21 13:12:39
Message-ID: 56EFF347.20500@anastigmatix.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 03/21/2016 06:08 AM, Aleksander Alekseev wrote:

> As you may see there are "holes" that were in fact not filled. Under
> normal conditions they will be filled with data previously stored on
> stack which could be anything including passwords and other private
> data. Afterwards this structure is written to disk where potentially
> someone who not supposed to see this data may see it.
>
> I realize this is not a big problem in practice.

Well, the documentation already says to avoid it:

http://www.postgresql.org/docs/current/static/xfunc-c.html

Another important point is to avoid leaving any uninitialized
bits within data type values; for example, take care to zero out
any alignment padding bytes that might be present in structs.

so I don't think what you're suggesting would be controversial
at all; it looks like what you've done is found a(t least one)
bug where the documented practice wasn't followed, and it's good
to find any such places.

-Chap

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2016-03-21 13:15:39 Re: Applying logical replication changes by more than one process
Previous Message Petr Jelinek 2016-03-21 13:08:54 Re: Applying logical replication changes by more than one process