| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: FPW compression leaks information |
| Date: | 2015-04-13 13:44:53 |
| Message-ID: | 20150413134453.GK3663@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Heikki Linnakangas (hlinnaka(at)iki(dot)fi) wrote:
> On 04/10/2015 05:17 AM, Robert Haas wrote:
> >On Apr 9, 2015, at 8:51 PM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> >>What should we do about this?
> >
> >I bet that there are at least 1000 covert channel attacks that are more practically exploitable than this.
>
> Care to name some? This is certainly quite cumbersome to exploit,
> but it's doable.
I don't see any good reason to expose this information to every user on
the system, regardless of how easy (or not easy) it is to exploit.
There's a bunch of information which we want monitoring systems to be
able to gather but which shouldn't be generally available and this is
just another example of that.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ian Stakenvicius | 2015-04-13 14:02:24 | Re: Revisiting Re: BUG #8532: postgres fails to start with timezone-data >=2013e |
| Previous Message | Alvaro Herrera | 2015-04-13 13:33:35 | Re: "rejected" vs "returned with feedback" in new CF app |