From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, hlinnaka <hlinnaka(at)iki(dot)fi>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: FPW compression leaks information |
Date: | 2015-04-15 12:42:47 |
Message-ID: | CAB7nPqTMXCcOMQJuqLGkpTW-QKpbgZT0BU4Mg7pMqGOS9g0HSQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Apr 15, 2015 at 9:20 PM, Michael Paquier
<michael(dot)paquier(at)gmail(dot)com> wrote:
> On Wed, Apr 15, 2015 at 2:22 PM, Fujii Masao wrote:
>> On Wed, Apr 15, 2015 at 11:55 AM, Michael Paquier wrote:
>>> 1) Doc patch to mention that it is possible that compression can give
>>> hints to attackers when working on sensible fields that have a
>>> non-fixed size.
>>
>> I think that this patch is enough as the first step.
>
> I'll get something done for that at least, a big warning below the
> description of wal_compression would do it.
>
>>> 2) Switch at relation level to control wal_compression.
>>
>> ALTER TABLE SET is not allowed on system catalog like pg_authid. So should we
>> change it so that a user can change the flag even on system catalog? I'm afraid
>> that the change might cause another problem, though. Probably we can disable
>> the compression on every system catalogs by default. But I can imagine that
>> someone wants to enable the compression even on system catalog. For example,
>> pg_largeobject may cause lots of FPW.
>
> We could enforce a value directly in pg_class.h for only pg_authid if
> we think that it is a problem that bad, and rely on the default system
> value for the rest. That's a hacky-ugly approach though...
Something else that I recalled and has not yet been mentioned on this
thread. Even if the server-wide wal_compression is off, any user can
change its value because it is PGC_USERSET, hence I think that we had
better make it at least PGC_SUSET.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Amit Kapila | 2015-04-15 13:09:08 | Re: Clock sweep not caching enough B-Tree leaf pages? |
Previous Message | Simon Riggs | 2015-04-15 12:42:33 | Re: Turning off HOT/Cleanup sometimes |