Make wal_compression PGC_SUSET rather than PGC_USERSET.

Fujii Masao <fujii@postgresql.org>

Commit: c2e5f4d1c16faa84a19906706481cf149769f320
Author: Fujii Masao <fujii@postgresql.org>
Date: 2015-07-09T13:30:52Z
Releases: 9.6.0
Make wal_compression PGC_SUSET rather than PGC_USERSET.

When enabling wal_compression, there is a risk to leak data similarly to
the BREACH and CRIME attacks on SSL where the compression ratio of
a full page image gives a hint of what is the existing data of this page.
This vulnerability is quite cumbersome to exploit in practice, but doable.

So this patch makes wal_compression PGC_SUSET in order to prevent
non-superusers from enabling it and exploiting the vulnerability while
DBA thinks the risk very seriously and disables it in postgresql.conf.

Back-patch to 9.5 where wal_compression was introduced.

Files

PathChange+/−
doc/src/sgml/config.sgml modified +1 −0
src/backend/utils/misc/guc.c modified +1 −1

Documentation touched