From c2e5f4d1c16faa84a19906706481cf149769f320 Mon Sep 17 00:00:00 2001 From: Fujii Masao Date: Thu, 9 Jul 2015 22:30:52 +0900 Subject: [PATCH] Make wal_compression PGC_SUSET rather than PGC_USERSET. When enabling wal_compression, there is a risk to leak data similarly to the BREACH and CRIME attacks on SSL where the compression ratio of a full page image gives a hint of what is the existing data of this page. This vulnerability is quite cumbersome to exploit in practice, but doable. So this patch makes wal_compression PGC_SUSET in order to prevent non-superusers from enabling it and exploiting the vulnerability while DBA thinks the risk very seriously and disables it in postgresql.conf. Back-patch to 9.5 where wal_compression was introduced. --- doc/src/sgml/config.sgml | 1 + src/backend/utils/misc/guc.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 4b7bd8a86e..b91d6c75d2 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -2303,6 +2303,7 @@ include_dir 'conf.d' is on or during a base backup. A compressed page image will be decompressed during WAL replay. The default value is off. + Only superusers can change this setting. diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 595a609989..1bed5250a6 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -995,7 +995,7 @@ static struct config_bool ConfigureNamesBool[] = }, { - {"wal_compression", PGC_USERSET, WAL_SETTINGS, + {"wal_compression", PGC_SUSET, WAL_SETTINGS, gettext_noop("Compresses full-page writes written in WAL file."), NULL },