Re: Commitfest 2021-11 Patch Triage - Part 2 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Commitfest 2021-11 Patch Triage - Part 2
Date
Msg-id 2018784.1636917993@sss.pgh.pa.us
Whole thread Raw
In response to Re: Commitfest 2021-11 Patch Triage - Part 2  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:
> Attackers aren't likely to have the kind of isolated control over the
> data in the WAL stream (which is a combination of data from lots of
> ongoing activity in the system and isn't likely to be exactly what the
> attacker supplied at some higher level anyway) and the ability to read
> and analyze the WAL stream from a primary to a replica to be able to
> effectively attack it.

Yeah, I concur with that so far as WAL data goes.  A hypothetical attacker
will not have control over xact IDs, tuple TIDs, etc, which will add
enough entropy to the stream that extracting data payloads seems pretty
infeasible.

My concern upthread was about client-session connections, where such
mitigation doesn't apply.  (I wonder a bit about logical-replication
streams, too.)

            regards, tom lane



pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: Commitfest 2021-11 Patch Triage - Part 2
Next
From: Daniel Gustafsson
Date:
Subject: Re: Emit a warning if the extension's GUC is set incorrectly