diff options
| author | Fujii Masao <fujii@postgresql.org> | 2015-07-09 22:30:52 +0900 |
|---|---|---|
| committer | Fujii Masao <fujii@postgresql.org> | 2015-07-09 22:30:52 +0900 |
| commit | c2e5f4d1c16faa84a19906706481cf149769f320 (patch) | |
| tree | c91df42a1513684acc332a7d37ac8bf7bcfdd3e0 /src/backend/utils/misc/guc.c | |
| parent | 23b8928829038ef3fba5a04e4f2707c6034464c4 (diff) | |
| download | postgresql-c2e5f4d1c16faa84a19906706481cf149769f320.tar.gz postgresql-c2e5f4d1c16faa84a19906706481cf149769f320.zip | |
Make wal_compression PGC_SUSET rather than PGC_USERSET.
When enabling wal_compression, there is a risk to leak data similarly to
the BREACH and CRIME attacks on SSL where the compression ratio of
a full page image gives a hint of what is the existing data of this page.
This vulnerability is quite cumbersome to exploit in practice, but doable.
So this patch makes wal_compression PGC_SUSET in order to prevent
non-superusers from enabling it and exploiting the vulnerability while
DBA thinks the risk very seriously and disables it in postgresql.conf.
Back-patch to 9.5 where wal_compression was introduced.
Diffstat (limited to 'src/backend/utils/misc/guc.c')
| -rw-r--r-- | src/backend/utils/misc/guc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 595a609989d..1bed5250a6c 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -995,7 +995,7 @@ static struct config_bool ConfigureNamesBool[] = }, { - {"wal_compression", PGC_USERSET, WAL_SETTINGS, + {"wal_compression", PGC_SUSET, WAL_SETTINGS, gettext_noop("Compresses full-page writes written in WAL file."), NULL }, |