Re: FPW compression leaks information

On Wed, Apr 15, 2015 at 9:20 PM, Michael Paquier
<michael(dot)paquier(at)gmail(dot)com> wrote:
> On Wed, Apr 15, 2015 at 2:22 PM, Fujii Masao wrote:
>> On Wed, Apr 15, 2015 at 11:55 AM, Michael Paquier wrote:
>>> 1) Doc patch to mention that it is possible that compression can give
>>> hints to attackers when working on sensible fields that have a
>>> non-fixed size.
>>
>> I think that this patch is enough as the first step.
>
> I'll get something done for that at least, a big warning below the
> description of wal_compression would do it.
>
>>> 2) Switch at relation level to control wal_compression.
>>
>> ALTER TABLE SET is not allowed on system catalog like pg_authid. So should we
>> change it so that a user can change the flag even on system catalog? I'm afraid
>> that the change might cause another problem, though. Probably we can disable
>> the compression on every system catalogs by default. But I can imagine that
>> someone wants to enable the compression even on system catalog. For example,
>> pg_largeobject may cause lots of FPW.
>
> We could enforce a value directly in pg_class.h for only pg_authid if
> we think that it is a problem that bad, and rely on the default system
> value for the rest. That's a hacky-ugly approach though...

Something else that I recalled and has not yet been mentioned on this
thread. Even if the server-wide wal_compression is off, any user can
change its value because it is PGC_USERSET, hence I think that we had
better make it at least PGC_SUSET.
--
Michael