Re: FPW compression leaks information

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, hlinnaka <hlinnaka(at)iki(dot)fi>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: FPW compression leaks information
Date: 2015-04-15 12:20:27
Message-ID: CAB7nPqQGOqMHHD+xg80t=+8M9x=3SkFk0Rx-HoyDqwdf4E7nzw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Apr 15, 2015 at 2:22 PM, Fujii Masao wrote:
> On Wed, Apr 15, 2015 at 11:55 AM, Michael Paquier wrote:
>> 1) Doc patch to mention that it is possible that compression can give
>> hints to attackers when working on sensible fields that have a
>> non-fixed size.
>
> I think that this patch is enough as the first step.

I'll get something done for that at least, a big warning below the
description of wal_compression would do it.

>> 2) Switch at relation level to control wal_compression.
>
> ALTER TABLE SET is not allowed on system catalog like pg_authid. So should we
> change it so that a user can change the flag even on system catalog? I'm afraid
> that the change might cause another problem, though. Probably we can disable
> the compression on every system catalogs by default. But I can imagine that
> someone wants to enable the compression even on system catalog. For example,
> pg_largeobject may cause lots of FPW.

We could enforce a value directly in pg_class.h for only pg_authid if
we think that it is a problem that bad, and rely on the default system
value for the rest. That's a hacky-ugly approach though...
--
Michael

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2015-04-15 12:31:42 Re: [COMMITTERS] pgsql: Move pg_upgrade from contrib/ to src/bin/
Previous Message Michael Paquier 2015-04-15 12:07:43 TAP tests of pg_rewind not stopping servers used for the tests