Make wal_compression PGC_SUSET rather than PGC_USERSET.

When enabling wal_compression, there is a risk to leak data similarly to the BREACH and CRIME attacks on SSL where the compression ratio of a full page image gives a hint of what is the existing data of this page. This vulnerability is quite cumbersome to exploit in practice, but doable. So this patch makes wal_compression PGC_SUSET in order to prevent non-superusers from enabling it and exploiting the vulnerability while DBA thinks the risk very seriously and disables it in postgresql.conf. Back-patch to 9.5 where wal_compression was introduced.
author: Fujii Masao <fujii@postgresql.org> 2015-07-09 22:30:52 +0900
committer: Fujii Masao <fujii@postgresql.org> 2015-07-09 22:30:52 +0900
commit: c2e5f4d1c16faa84a19906706481cf149769f320 (patch)
tree: c91df42a1513684acc332a7d37ac8bf7bcfdd3e0 /doc/src
parent: 23b8928829038ef3fba5a04e4f2707c6034464c4 (diff)
download: postgresql-c2e5f4d1c16faa84a19906706481cf149769f320.tar.gz
postgresql-c2e5f4d1c16faa84a19906706481cf149769f320.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 4b7bd8a86e6..b91d6c75d27 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -2303,6 +2303,7 @@ include_dir 'conf.d'
         <xref linkend="guc-full-page-writes"> is on or during a base backup.
         A compressed page image will be decompressed during WAL replay.
         The default value is <literal>off</>.
+        Only superusers can change this setting.
        </para>
 
        <para>
author	Fujii Masao <fujii@postgresql.org>	2015-07-09 22:30:52 +0900
committer	Fujii Masao <fujii@postgresql.org>	2015-07-09 22:30:52 +0900
commit	c2e5f4d1c16faa84a19906706481cf149769f320 (patch)
tree	c91df42a1513684acc332a7d37ac8bf7bcfdd3e0 /doc/src
parent	23b8928829038ef3fba5a04e4f2707c6034464c4 (diff)
download	postgresql-c2e5f4d1c16faa84a19906706481cf149769f320.tar.gz postgresql-c2e5f4d1c16faa84a19906706481cf149769f320.zip