Re: FPW compression leaks information - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: FPW compression leaks information
Date
Msg-id 20150707172408.GR12131@tamriel.snowman.net
Whole thread Raw
In response to Re: FPW compression leaks information  (Claudio Freire <klaussfreire@gmail.com>)
Responses Re: FPW compression leaks information
List pgsql-hackers
* Claudio Freire (klaussfreire@gmail.com) wrote:
> On Tue, Jul 7, 2015 at 12:34 PM, Stephen Frost <sfrost@snowman.net> wrote:
> > * Heikki Linnakangas (hlinnaka@iki.fi) wrote:
> >> On 07/07/2015 04:31 PM, Stephen Frost wrote:
> >> >The alternative is to have monitoring tools which are running as
> >> >superuser, which, in my view at least, is far worse.
> >>
> >> Or don't enable fpw_compression for tables where the information
> >> leak is a problem.
> >
> > My hope would be that we would enable FPW compression by default for
> > everyone as a nice optimization.  Relegating it to a risky option which
> > has to be tweaked on a per-table basis, but only for those tables where
> > you don't mind the risk, makes a nice optimization nearly unusable for
> > many environments.
>
> No, only tables that have RLS (or the equivalent, like in the case of
> pg_authid), where the leak may be meaningful.
>
> The attack requires control over an adjacent (same page) row, but not
> over the row being attacked. That's RLS.

Eh?  I don't recall Heikki's attack requiring RLS and what about
column-level privilege cases where you have access to the row but not to
one of the columns?
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: Claudio Freire
Date:
Subject: Re: FPW compression leaks information
Next
From: Claudio Freire
Date:
Subject: Re: FPW compression leaks information