diff options
| author | Fujii Masao <fujii@postgresql.org> | 2015-07-09 22:30:52 +0900 |
|---|---|---|
| committer | Fujii Masao <fujii@postgresql.org> | 2015-07-09 22:31:39 +0900 |
| commit | 19a65458159ca5f46d8ac154e62273fa2a8cf13f (patch) | |
| tree | a1e25606df82af43b06d5f1b3aeed66185d5dc5b /src | |
| parent | 1a0959b3887f05e55712e1ef27b7d1b3c75d645f (diff) | |
| download | postgresql-19a65458159ca5f46d8ac154e62273fa2a8cf13f.tar.gz postgresql-19a65458159ca5f46d8ac154e62273fa2a8cf13f.zip | |
Make wal_compression PGC_SUSET rather than PGC_USERSET.
When enabling wal_compression, there is a risk to leak data similarly to
the BREACH and CRIME attacks on SSL where the compression ratio of
a full page image gives a hint of what is the existing data of this page.
This vulnerability is quite cumbersome to exploit in practice, but doable.
So this patch makes wal_compression PGC_SUSET in order to prevent
non-superusers from enabling it and exploiting the vulnerability while
DBA thinks the risk very seriously and disables it in postgresql.conf.
Back-patch to 9.5 where wal_compression was introduced.
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/utils/misc/guc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 0356ecb4821..34c23f9560d 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -995,7 +995,7 @@ static struct config_bool ConfigureNamesBool[] = }, { - {"wal_compression", PGC_USERSET, WAL_SETTINGS, + {"wal_compression", PGC_SUSET, WAL_SETTINGS, gettext_noop("Compresses full-page writes written in WAL file."), NULL }, |