Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitc2e5f4d

Browse files
committed
Make wal_compression PGC_SUSET rather than PGC_USERSET.
When enabling wal_compression, there is a risk to leak data similarly tothe BREACH and CRIME attacks on SSL where the compression ratio ofa full page image gives a hint of what is the existing data of this page.This vulnerability is quite cumbersome to exploit in practice, but doable.So this patch makes wal_compression PGC_SUSET in order to preventnon-superusers from enabling it and exploiting the vulnerability whileDBA thinks the risk very seriously and disables it in postgresql.conf.Back-patch to 9.5 where wal_compression was introduced.
1 parent23b8928 commitc2e5f4d

File tree

2 files changed

+2
-1
lines changed

2 files changed

+2
-1
lines changed

‎doc/src/sgml/config.sgml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2303,6 +2303,7 @@ include_dir 'conf.d'
23032303
<xref linkend="guc-full-page-writes"> is on or during a base backup.
23042304
A compressed page image will be decompressed during WAL replay.
23052305
The default value is <literal>off</>.
2306+
Only superusers can change this setting.
23062307
</para>
23072308

23082309
<para>

‎src/backend/utils/misc/guc.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -995,7 +995,7 @@ static struct config_bool ConfigureNamesBool[] =
995995
},
996996

997997
{
998-
{"wal_compression",PGC_USERSET,WAL_SETTINGS,
998+
{"wal_compression",PGC_SUSET,WAL_SETTINGS,
999999
gettext_noop("Compresses full-page writes written in WAL file."),
10001000
NULL
10011001
},

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp