From: | Claudio Freire <klaussfreire(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: FPW compression leaks information |
Date: | 2015-07-07 17:22:35 |
Message-ID: | CAGTBQpbjN6XDx+caRr=wsbwK1-NcSFQhDO+56VS=WFHhXyRfqg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Jul 7, 2015 at 12:34 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Heikki Linnakangas (hlinnaka(at)iki(dot)fi) wrote:
>> On 07/07/2015 04:31 PM, Stephen Frost wrote:
>> >The alternative is to have monitoring tools which are running as
>> >superuser, which, in my view at least, is far worse.
>>
>> Or don't enable fpw_compression for tables where the information
>> leak is a problem.
>
> My hope would be that we would enable FPW compression by default for
> everyone as a nice optimization. Relegating it to a risky option which
> has to be tweaked on a per-table basis, but only for those tables where
> you don't mind the risk, makes a nice optimization nearly unusable for
> many environments.
No, only tables that have RLS (or the equivalent, like in the case of
pg_authid), where the leak may be meaningful.
The attack requires control over an adjacent (same page) row, but not
over the row being attacked. That's RLS.
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2015-07-07 17:24:08 | Re: FPW compression leaks information |
Previous Message | David E. Wheeler | 2015-07-07 17:14:49 | Re: creating extension including dependencies |