Re: Practical Timing Side Channel Attacks on Memory Compression
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Filip Janus <fjanus@redhat.com>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2022-04-06T14:14:01Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes: > One last thought: I don't think it's right to suppose that every > security vulnerability is the result of some design flaw and every > security vulnerability must be patched. As far as Postgres is concerned, I'm kind of unimpressed by timing-based attacks. There are enough layers between a hypothetical attacker and a particular algorithm in the backend that it'd be really hard to get any reliable numbers. Length-based attacks are more realistic, since e.g. we allow you to find out the compressed size of a data value. But as you noted, those can be defeated by not storing sensitive data in the same place as attacker-controlled data. Or turning off compression, but that's largely throwing the baby out with the bathwater. In the end I think it's up to the DBA how concerned to be about this and what measures she should take to mitigate any risks. regards, tom lane