Home > mailing lists

Re: FPW compression leaks information - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: FPW compression leaks information
Date	April 13, 2015 16:45:06
Msg-id	20150413134453.GK3663@tamriel.snowman.net Whole thread Raw
In response to	Re: FPW compression leaks information (Heikki Linnakangas <hlinnaka@iki.fi>)
List	pgsql-hackers

Tree view

* Heikki Linnakangas (hlinnaka@iki.fi) wrote:
> On 04/10/2015 05:17 AM, Robert Haas wrote:
> >On Apr 9, 2015, at 8:51 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> >>What should we do about this?
> >
> >I bet that there are at least 1000 covert channel attacks that are more practically exploitable than this.
>
> Care to name some? This is certainly quite cumbersome to exploit,
> but it's doable.

I don't see any good reason to expose this information to every user on
the system, regardless of how easy (or not easy) it is to exploit.

There's a bunch of information which we want monitoring systems to be
able to gather but which shouldn't be generally available and this is
just another example of that.
Thanks,
    Stephen

pgsql-hackers by date:

From: Alvaro Herrera
Date: 13 April 2015, 16:33:08
Subject: Re: "rejected" vs "returned with feedback" in new CF app

From: Ian Stakenvicius
Date: 13 April 2015, 17:02:40
Subject: Re: Revisiting Re: BUG #8532: postgres fails to start with timezone-data >=2013e

Re: FPW compression leaks information - Mailing list pgsql-hackers

Previous

Next